Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks - MacRumors Forums
Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 7, 2014, 02:18 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks




A vulnerability in the Snapchat app opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash, according to cyber security researcher Jamie Sanchez [Google Translation] (via The Los Angeles Times).

A weakness in the app's system can allow a hacker to send thousands of messages to a Snapchat user in seconds, which can cause a crash that requires a hard reset to fix. Tokens generated by the app used to verify user identity can be reused by hackers to send a flood of messages.
Quote:
By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, [Sanchez] said.
Sanchez demonstrated the flaw for The Los Angeles Times, sending a reporter 1,000 messages within five seconds in a denial-of-service attack, which caused the reporter's iPhone to freeze until it restarted.

The security researcher declined to contact Snapchat with his findings as he believes the startup "has no respect for the cyber security research community" after ignoring previous app vulnerability reports.

Snapchat has faced multiple problems as its private messaging app has grown in popularity, including vulnerabilities that allowed users to bypass screenshot notifications and a recent security breach that compromised the user names and phone numbers of more than 4.6 million customers, which Snapchat was warned about ahead of time by a security group.

When asked about this particular vulnerability, Snapchat said it was unaware of the problem but interested in learning more.

Article Link: Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks
MacRumors is offline   0 Reply With Quote
Old Feb 7, 2014, 02:20 PM   #2
ZacNicholson
macrumors 6502a
 
ZacNicholson's Avatar
 
Join Date: Jun 2011
Location: Indiana
Send a message via Skype™ to ZacNicholson
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
__________________
follow me on twitter @zac_nicholson
watch my youtube www.youtube.com/mrzacnicholson
2011 13" MBP, iPhone 4 (jailbroken), iPad 3 32 GB Verizon(jailbroken), Apple tv 2(jailbroken)
ZacNicholson is offline   7 Reply With Quote
Old Feb 7, 2014, 02:20 PM   #3
davidangel
macrumors member
 
Join Date: Jan 2008
Hmm...

I wish this enterprise-level software wouldn't be so vulnerable to attack.
__________________
15" Macbook Pro, 2.66 GHz Core i7, 4GB Ram, 500GB 7200rpm HD, Hi-Res Anti-glare Display
2.13 GHz Quad-Core Hackintosh Tower, 8GB Ram, 1TB HD
David Angel | Photography
davidangel is offline   1 Reply With Quote
Old Feb 7, 2014, 02:24 PM   #4
PBF
macrumors 68030
 
Join Date: Jul 2005
Location: NYC
Nothing will deter teens from sexting. LOL
PBF is offline   1 Reply With Quote
Old Feb 7, 2014, 02:24 PM   #5
wordoflife
macrumors 604
 
wordoflife's Avatar
 
Join Date: Jul 2009
Location: Republic City, URN.
If you use snapchat, I would suggest only allowing your friends/contacts to snap you.
__________________
"When we hit our lowest point, we are open to the greatest change."
wordoflife is offline   3 Reply With Quote
Old Feb 7, 2014, 02:25 PM   #6
Consultant
macrumors G5
 
Consultant's Avatar
 
Join Date: Jun 2007
Easily mitigated if you don't let strangers contact you.

Also, can't people simply go to "do not disturb" mode?
Consultant is offline   1 Reply With Quote
Old Feb 7, 2014, 02:27 PM   #7
pramirez95
macrumors newbie
 
Join Date: Oct 2013
Location: Chicago
I'm 19, and even I find Snapchat annoying. Glad I deleted mine months ago. I knew it would only bring problems.

And as for snapchat only being "interested in learning more," I would think a company would at least put out a statement saying they are working hard on a fix. I agree with Sanchez; they must really not care.
pramirez95 is offline   1 Reply With Quote
Old Feb 7, 2014, 02:32 PM   #8
Cuban Missles
macrumors 6502a
 
Cuban Missles's Avatar
 
Join Date: Dec 2012
Location: East Coast, USA
I find all these tools a bit much. I understand that there are some folks not on apple (I don't know any, I hear it happens ), but with most providers giving unlimited text as a basic feature these days (at least in the US), I see no real reason to use anything other than the apple provided imessage. What do these tools do that I cannot already do?
__________________
I have a collection of Apple stickers from all my Apple product purchases - they are white (the stickers not the products)
Cuban Missles is offline   0 Reply With Quote
Old Feb 7, 2014, 02:35 PM   #9
AngerDanger
macrumors 65816
 
AngerDanger's Avatar
 
Join Date: Dec 2008
Location: location, location!
I'm shocked to hear that the sketchy app which allows users to send "temporary" nudes and features a ghost in its icon could be used in such a harmful way!
AngerDanger is offline   1 Reply With Quote
Old Feb 7, 2014, 02:37 PM   #10
ahlsn
macrumors newbie
 
Join Date: Sep 2013
I bid $100 they are still on the market
ahlsn is offline   0 Reply With Quote
Old Feb 7, 2014, 02:41 PM   #11
Slix
macrumors 6502
 
Join Date: Mar 2010
Another reason I do not use Snapchat.
__________________
Looking for a small, close, friendly community where you can hang out, talk about Pokémon and anything, and have fun?
Check out The 'Wag!
Slix is offline   0 Reply With Quote
Old Feb 7, 2014, 02:47 PM   #12
Hastings101
macrumors 68000
 
Hastings101's Avatar
 
Join Date: Jun 2010
Location: Where do YOU live? Nosey
Quote:
Originally Posted by ZacNicholson View Post
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
okay, let's do this
__________________
Candy canes are delicious!
Hastings101 is offline   7 Reply With Quote
Old Feb 7, 2014, 02:53 PM   #13
darkslide29
macrumors 6502a
 
Join Date: Oct 2011
Location: San Francisco, California
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...

I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs.
__________________
iPhone 5 32GB iPad Mini with Retina Mac Mini (2011) 256gb SSD 16gb ram Apple TV 3
darkslide29 is offline   0 Reply With Quote
Old Feb 7, 2014, 02:54 PM   #14
AngerDanger
macrumors 65816
 
AngerDanger's Avatar
 
Join Date: Dec 2008
Location: location, location!
Quote:
Originally Posted by Hastings101 View Post
Quote:
Originally Posted by ZacNicholson View Post
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
okay, let's do this
Ooh, romance is in the air!
AngerDanger is offline   2 Reply With Quote
Old Feb 7, 2014, 02:56 PM   #15
bacaramac
macrumors 65816
 
bacaramac's Avatar
 
Join Date: Dec 2007
I have other apps that can crash as well. Don't really see the issue. I've been in a Game or Facebook and it's caused my phone to restart (display Apple Logo). Heck even Safari has done this.

Maybe I'm missing something, but doesn't really seem like a valid issue, just crappy programing.
__________________
iMac 27" 3.06Ghz 2TB Time Capsule and AP Express Current Gen AppleTV x 3 iPhone 5s Space Gray 16Gb iPod Touch 4th Gen White iPad mini White/Silver 16GB WiFi
bacaramac is offline   1 Reply With Quote
Old Feb 7, 2014, 03:01 PM   #16
KdParker
macrumors 68020
 
KdParker's Avatar
 
Join Date: Oct 2010
cyber security research community?

What is this commuity exactly?
__________________
16g iPhone5s Space Grey; 16g iPhone5 White;
15" retina - MBP 2.6 GHZ 16 RAM;
iPad4 retina
KdParker is offline   0 Reply With Quote
Old Feb 7, 2014, 03:15 PM   #17
avanpelt
macrumors 6502a
 
Join Date: Jun 2010
Quote:
Originally Posted by Cuban Missles View Post
I find all these tools a bit much. I understand that there are some folks not on apple (I don't know any, I hear it happens ), but with most providers giving unlimited text as a basic feature these days (at least in the US), I see no real reason to use anything other than the apple provided imessage. What do these tools do that I cannot already do?
I use What'sApp for one reason: I have friends outside the U.S. who do not have iPhones that I would like to have SMS-type communication with in a way that won't incur per-message charges.

Sure, being on Verizon, I have unlimited SMS to friends in the U.S. who are not on iPhones; but I'm not going to pay Verizon an extra $5.00 a month, I think it is, to have worldwide SMS when the people I would be sending SMS messages to abroad would likely have to pay per-message for incoming SMS messages from the U.S. anyway.

As for Snapchat, don't use it and can't envision a scenario when I ever would.
avanpelt is offline   0 Reply With Quote
Old Feb 7, 2014, 03:15 PM   #18
dcchicago29
macrumors newbie
 
Join Date: Feb 2014
Quote:
Originally Posted by darkslide29 View Post
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...

I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs.
FB already offer $3B for it and was spurned.
dcchicago29 is offline   3 Reply With Quote
Old Feb 7, 2014, 03:18 PM   #19
forthelove
macrumors newbie
 
Join Date: Mar 2013
Quote:
Originally Posted by KdParker View Post
cyber security research community?

What is this commuity exactly?
Good Wizards
forthelove is offline   0 Reply With Quote
Old Feb 7, 2014, 03:34 PM   #20
Nunyabinez
macrumors 6502a
 
Nunyabinez's Avatar
 
Join Date: Apr 2010
Location: Provo, UT
I heard the actual problem was that if the picture you sent was really hot the phone would overheat and go down on you.

(Rimshot)
__________________
27" iMac, 3.4 GHz i7; 15" MBP, 2.53 GHz Core 2 Duo; 13" MBA 1.7 GHz i5; iPad (3rd Gen), 16 GB; iPhone 5S; Hackintosh, 3.4 GHz i7 (2600k)
Nunyabinez is offline   0 Reply With Quote
Old Feb 7, 2014, 04:25 PM   #21
Parasprite
macrumors 65816
 
Parasprite's Avatar
 
Join Date: Mar 2013
I fail to understand the interest people have in Snapchat.
__________________
Has anyone, anywhere, ever actually used ~/Pictures/iPod Photo Cache/ for anything besides deleting or hiding it?
Parasprite is offline   1 Reply With Quote
Old Feb 8, 2014, 12:22 AM   #22
Parasprite
macrumors 65816
 
Parasprite's Avatar
 
Join Date: Mar 2013
Quote:
Originally Posted by bacaramac View Post
I have other apps that can crash as well. Don't really see the issue. I've been in a Game or Facebook and it's caused my phone to restart (display Apple Logo). Heck even Safari has done this.

Maybe I'm missing something, but doesn't really seem like a valid issue, just crappy programing.
Basically someone figured out how to selectively target and crash people's phones, solely because they happen to use Snapchat.
__________________
Has anyone, anywhere, ever actually used ~/Pictures/iPod Photo Cache/ for anything besides deleting or hiding it?
Parasprite is offline   0 Reply With Quote
Old Feb 8, 2014, 01:23 AM   #23
batchtaster
macrumors 6502a
 
Join Date: Mar 2008
All I really know or care about Snapchat is that seeing my 14 year old niece mugging for the camera every 2 minutes as she spent Christmas Day on Snapchat made me want her stupid phone to explode in her stupid face. And for her stupid parents to start parenting her.
batchtaster is offline   0 Reply With Quote
Old Feb 8, 2014, 01:54 AM   #24
0ldsnake1
macrumors newbie
 
Join Date: Oct 2013
Location: Iran
Never used Snapchat, and never will...
0ldsnake1 is offline   0 Reply With Quote
Old Feb 8, 2014, 03:03 AM   #25
japanime
macrumors 65816
 
japanime's Avatar
 
Join Date: Feb 2006
Location: Japan
Quote:
Originally Posted by MacRumors View Post
A vulnerability in the Snapchat app ... can cause the device to freeze and crash
In other words, it's just like iOS 7.
__________________
Put Manga University in your pocket — get our free iPhone app!
japanime is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Get the lead out! BBC article about paper confirming link between lead and crime jnpy!$4g3cwk Politics, Religion, Social Issues 24 Apr 24, 2014 07:32 PM
New App Bypasses Snapchat Screenshot Notifications; Snapchat Details Law Enforcement Requests MacRumors iOS Blog Discussion 29 Oct 29, 2013 02:24 PM
Snapchat Launches Update for iOS with New 'Snapchat Stories' Feature MacRumors iOS Blog Discussion 6 Oct 3, 2013 12:59 PM
Denial of Service Prank Crashing iMessage App for Targeted Developers MacRumors Mac Blog Discussion 62 Apr 20, 2013 07:36 AM
Photo Sharing App Snapchat Adds Video, iPhone 5 Support MacRumors iOS Blog Discussion 12 Dec 19, 2012 01:19 PM

Forum Jump

All times are GMT -5. The time now is 06:04 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC