A vulnerability in Snapchat, the popular photo / video IM chat app, potentially leaves iPhone users susceptible to denial-of-service (DoS) attacks, which, when carried out, may cause a device to freeze up or crash.
There are plenty of apps within the App Store that facilitate the sharing of photo and video clips, but Snapchat is rather different to most of them. Instead of letting a user send a photo or video in the traditional sense, Snapchat’s system is such that said photo (Snap) or clip is only shown to the recipient for a finite amount of time, as set by the sender.
Although some remain confused as to why, the app has proved to be a huge hit, with many millions of downloads across both the Android and iOS ecosystems. However, those operating a device on the latter may be open to this vulnerability, which, as discovered by security researcher Jamie Sanchez, can potentially wreak havoc on the Apple iPhone.
Just like the iMessage DoS-like attacks, which saw many developers and other iOS users inundated with messages to the point where a device became unusable, this Snapchat bug means a hacker could quite easily push thousands of messages to one user in a matter of seconds. The only way out, from there would be a hard reset.
The way the hack works, as explained by Sanchez, is fairly simple. Snapchat generates tokens in order to verify a user’s identity, but these can easily be latched upon by a hacker and used again. As a result, a deluge of messages can be sent in a very short space of time, in turn crippling the device targeted.
Worryingly, the process could be used to hit a number of users at any one time, but the security expert refuses to contact Snapchat to report the flaw. Why? Well, perhaps even more disconcertingly, he is of the opinion that the guys behind the popular app have "no respect for the cyber security research community," and considering that privacy issues and other problems related to user data have arisen before with the start-up, one has to wonder whether Snapchat might end up shooting itself in the foot.
Still, until a fix comes out, iPhone users are at risk. We’ll keep you posted on any updates, so stay tuned.