Skip to: Content
Skip to: Site Navigation
Skip to: Search


Snapchat says it has fixed latest security flaw

A new security snafu hits Snapchat – as does another solution. 

By Matthew ShaerCorrespondent / February 11, 2014

Snapchat says it has fixed the latest security vulnerability.

Snapchat

Enlarge

Another month, another Snapchat snafu. 

Skip to next paragraph

In January, it was a hole, exposed by the Australian security group Gibson Security, through which hackers were able to extract the personal information of millions of users. (Snapchat eventually said it would build some "additional counter-measures" to prevent future breaches, although the belated nature of the response was criticized by many industry insiders.) 

Now it's a vulnerability in the iOS version of the Snapchat app that could facilitate massive denial-of-service attacks, causing Apple devices to completely crash. According to Jaime Sanchez, the security consultant credited with discovering the vulnerability, the problem is directly linked to the "tokens" used by Snapchat to authenticate the identify of a user. 

In an interview with the Los Angeles Times, Mr. Sanchez said old tokens could be used to send new messages. Send enough of those messages, and you could overwhelm a user's operating system altogether. To prove his point, Sanchez borrowed the phone of LA Times tech reporter Salvador Rodriguez. 

"Sanchez demonstrated how this works by launching a Snapchat denial-of-service attack on my account," Mr. Rodriguez later wrote. "He sent my account 1,000 messages within five seconds, causing my device to freeze until it finally shut down and restarted itself. Launching a denial-of-service attack on Android devices doesn’t cause those smartphones to crash, but it does slow their speed. It also makes it impossible to use the app until the attack has finished."

For its part, Snapchat has not said whether it was surprised by Sanchez's findings. But it has said the problem is solved. 

"We believe we have addressed the issue as early as Friday, and we continue to make significant progress in our efforts to secure Snapchat," a rep for Snapchat told the Huffington Post. 

Permissions

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Editors' picks

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Endeavor Global, cofounded by Linda Rottenberg (here at the nonprofit’s headquarters in New York), helps entrepreneurs in emerging markets.

Linda Rottenberg helps people pursue dreams – and create thousands of jobs

She's chief executive of Endeavor Global, a nonprofit group that gives a leg up to budding entrepreneurs.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!