Snapchat now a hacker's tool to DOS attack your phone

Researchers say that a new vulnerability spotted on Snapchat can make it a hacker's tool for launching DOS-type attacks on handsets.

Jaime Sanchez, a cyber-security consultant who works for Telefonica, said that he and another researcher have found a potential flaw in the Snapchat app that allows hackers to launch denial-of-service (DOS) attacks on handsets and send many messages to individual users in just a few seconds.

Sending many messages to a user can result in their account clogging and as a result, the Snapchat app can cause the entire device to freeze and crash.

The Snapchat mobile app has garnered high popularity amongst both iPhone and Android devices users. The app allows its user to send another user photos and video messages, which disappears after a few seconds of the recipient opening it.

Sanchez points out that every time a user attempts to send a message using Snapchat, a token made of letters and numbers is generated to verify the sender's identity. However, a hacking tool can allow reusing old tokens to send new messages. Sanchez has also detailed his findings on a Spanish website.

By reusing old tokens, hackers can send high volume of messages. The researcher says that this method can be used by spammers to send messages to multiple users. Sanchez also said that hackers may also launch a cyberattack on an individual.

Sanchez said that he tried the system himself and launched a Snapchat DOS attack by sending 1,000 messages within five seconds to Salvador Rodriguez, a Los Angeles Times reporter. The thousand messages made Rodriguez' device freeze and then finally shut down and restart itself.

The launch of a DOS attack on Android devices does not cause a smartphone to crash; however, it does slow down the speed of a handset and makes it impossible to use the app until the attack has finished.

The researcher said that he did not contact Snapchat on the first instant but contacted Los Angeles Times instead, as he feels that Snapchat does not respect the cyber security research community.

Sanchez pointed out that Snapchat ignored advice on a few occasions from Gibson Security, which predicted that a flaw in the app may be used to expose user data.

On New Year's Eve, hackers exploited that vulnerability of the app, which resulted in the exposure of the user names and phone numbers of around 5 million Snapchat users.

"We are working to resolve the issue and will be reaching out to the security researcher who publicized the attack to learn more," said Snapchat in a statement to TechCrunch.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics