Snapchat says it has fixed latest security flaw
A new security snafu hits Snapchat – as does another solution.
Another month, another Snapchat snafu.
In January, it was a hole, exposed by the Australian security group Gibson Security, through which hackers were able to extract the personal information of millions of users. (Snapchat eventually said it would build some "additional counter-measures" to prevent future breaches, although the belated nature of the response was criticized by many industry insiders.)
Now it's a vulnerability in the iOS version of the Snapchat app that could facilitate massive denial-of-service attacks, causing Apple devices to completely crash. According to Jaime Sanchez, the security consultant credited with discovering the vulnerability, the problem is directly linked to the "tokens" used by Snapchat to authenticate the identify of a user.
In an interview with the Los Angeles Times, Mr. Sanchez said old tokens could be used to send new messages. Send enough of those messages, and you could overwhelm a user's operating system altogether. To prove his point, Sanchez borrowed the phone of LA Times tech reporter Salvador Rodriguez.
"Sanchez demonstrated how this works by launching a Snapchat denial-of-service attack on my account," Mr. Rodriguez later wrote. "He sent my account 1,000 messages within five seconds, causing my device to freeze until it finally shut down and restarted itself. Launching a denial-of-service attack on Android devices doesn’t cause those smartphones to crash, but it does slow their speed. It also makes it impossible to use the app until the attack has finished."
For its part, Snapchat has not said whether it was surprised by Sanchez's findings. But it has said the problem is solved.
"We believe we have addressed the issue as early as Friday, and we continue to make significant progress in our efforts to secure Snapchat," a rep for Snapchat told the Huffington Post.