Snapchat Has its Flaws

Snapchat may not be such a cool cat

Snapchat may not be such a cool cat

A New Flaw Found in the Snapchat App is Susceptible to Hacks

According to Spanish researchers, a new flaw in the way Snapchat handles user-verification tokens makes the image-messaging service vulnerable to a denial of service attack that can crash iPhones.

The researchers, Jaime Sanchez and Pablo San Emeterio announced the flaw on a Spanish-language blog posting on Jan. 12 and then presented the findings at the ShmooCon security conference in Washington, D.C on Jan. 18. However, even after this conference the flaw did not get widespread attention. It was not until Sanchez spoke to the Los Angeles Times for a story published on Feb. 7 that the flaw spread like wildfire.

Sanchez and Emeterio found that it was possible to copy the authentication token of a single Spanchat message and apply it to other messages. They found that it was even possible to copy the authentication token and copy it to messages from other accounts. By flooding the iPhone with a large number of Snapchat messages that all have the same authentication token would make the iPhone crash or freeze, requiring a “hard” reset that reboots the iPhone, Sanchez said.

The Los Angeles Times posted a video of an iPhone 5s receiving this overwhelming amount of Snapchat messages from the same sender and then becoming unresponsive. Sanchez then demonstrated the service attack on an actual iPhone. He sent the account almost 1,000 messages in five seconds, which caused the phone to freeze and then automatically reboot.

Although there is no concrete suggestion of how to fix the problem, Sanchez did suggest that drastically shortening  the lifespan of the authentication code might work.

Since this revelation, Snapchat has ignored information about flaws. Other researchers in Australia, Texas, and Georgia have complained of similar problems, only to be ignored. Snapchat denies knowledge of these flaws and invites researchers to contact the company.

Will Snapchat crash your phone? Hard to tell but it is good to know we should be on the lookout for this potential threat to our personal phones.

For more information on this topic see: