Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,292
30,376



snapchatlogo.png
A vulnerability in the Snapchat app opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash, according to cyber security researcher Jamie Sanchez [Google Translation] (via The Los Angeles Times).

A weakness in the app's system can allow a hacker to send thousands of messages to a Snapchat user in seconds, which can cause a crash that requires a hard reset to fix. Tokens generated by the app used to verify user identity can be reused by hackers to send a flood of messages.
By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, [Sanchez] said.
Sanchez demonstrated the flaw for The Los Angeles Times, sending a reporter 1,000 messages within five seconds in a denial-of-service attack, which caused the reporter's iPhone to freeze until it restarted.

The security researcher declined to contact Snapchat with his findings as he believes the startup "has no respect for the cyber security research community" after ignoring previous app vulnerability reports.

Snapchat has faced multiple problems as its private messaging app has grown in popularity, including vulnerabilities that allowed users to bypass screenshot notifications and a recent security breach that compromised the user names and phone numbers of more than 4.6 million customers, which Snapchat was warned about ahead of time by a security group.

When asked about this particular vulnerability, Snapchat said it was unaware of the problem but interested in learning more.

Article Link: Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks
 

wordoflife

macrumors 604
Jul 6, 2009
7,564
37
If you use snapchat, I would suggest only allowing your friends/contacts to snap you.
 

Consultant

macrumors G5
Jun 27, 2007
13,314
34
Easily mitigated if you don't let strangers contact you.

Also, can't people simply go to "do not disturb" mode?
 

pramirez95

macrumors newbie
Oct 14, 2013
26
0
Chicago
I'm 19, and even I find Snapchat annoying. Glad I deleted mine months ago. I knew it would only bring problems.

And as for snapchat only being "interested in learning more," I would think a company would at least put out a statement saying they are working hard on a fix. I agree with Sanchez; they must really not care.
 

2457282

Suspended
Dec 6, 2012
3,327
3,015
I find all these tools a bit much. I understand that there are some folks not on apple (I don't know any, I hear it happens :D ), but with most providers giving unlimited text as a basic feature these days (at least in the US), I see no real reason to use anything other than the apple provided imessage. What do these tools do that I cannot already do?
 

AngerDanger

Graphics
Staff member
Dec 9, 2008
5,452
29,002
I'm shocked to hear that the sketchy app which allows users to send "temporary" nudes and features a ghost in its icon could be used in such a harmful way! :p
 

darkslide29

macrumors 68000
Oct 5, 2011
1,860
886
San Francisco, California
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...

I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs. :p:)
 

bacaramac

macrumors 65816
Dec 29, 2007
1,424
100
I have other apps that can crash as well. Don't really see the issue. I've been in a Game or Facebook and it's caused my phone to restart (display Apple Logo). Heck even Safari has done this.

Maybe I'm missing something, but doesn't really seem like a valid issue, just crappy programing.
 

avanpelt

macrumors 68030
Jun 2, 2010
2,956
3,877
I find all these tools a bit much. I understand that there are some folks not on apple (I don't know any, I hear it happens :D ), but with most providers giving unlimited text as a basic feature these days (at least in the US), I see no real reason to use anything other than the apple provided imessage. What do these tools do that I cannot already do?

I use What'sApp for one reason: I have friends outside the U.S. who do not have iPhones that I would like to have SMS-type communication with in a way that won't incur per-message charges.

Sure, being on Verizon, I have unlimited SMS to friends in the U.S. who are not on iPhones; but I'm not going to pay Verizon an extra $5.00 a month, I think it is, to have worldwide SMS when the people I would be sending SMS messages to abroad would likely have to pay per-message for incoming SMS messages from the U.S. anyway.

As for Snapchat, don't use it and can't envision a scenario when I ever would.
 

dcchicago29

macrumors newbie
Feb 7, 2014
1
0
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...

I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs. :p:)

FB already offer $3B for it and was spurned.
 

Nunyabinez

macrumors 68000
Apr 27, 2010
1,758
2,230
Provo, UT
I heard the actual problem was that if the picture you sent was really hot the phone would overheat and go down on you.

(Rimshot)
 

Parasprite

macrumors 68000
Mar 5, 2013
1,698
144
I have other apps that can crash as well. Don't really see the issue. I've been in a Game or Facebook and it's caused my phone to restart (display Apple Logo). Heck even Safari has done this.

Maybe I'm missing something, but doesn't really seem like a valid issue, just crappy programing.

Basically someone figured out how to selectively target and crash people's phones, solely because they happen to use Snapchat.
 

batchtaster

macrumors 65816
Mar 3, 2008
1,031
217
All I really know or care about Snapchat is that seeing my 14 year old niece mugging for the camera every 2 minutes as she spent Christmas Day on Snapchat made me want her stupid phone to explode in her stupid face. And for her stupid parents to start parenting her.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.