Photo messaging app Snapchat is once again among the hottest topics in online technology news.
Recent reports cite a researcher who has disclosed a new Snapchat flaw that could allow hackers to flood a user with spam messages and eventually crash an iPhone.
The newly discovered glitch in the Snapchat app, described as a denial-of-service vulnerability, purportedly lets hackers infiltrate the app's system and then launch an attack that causes the iPhone to freeze temporarily.
Jaime Sanchez, a consultant for the Spanish telecommunications firm Telefonica, is reportedly the researcher behind the discovery and disclosure of the new Snapchat flaw.
The researcher has made it clear, however, that he performed the investigation with a colleague and made the discovery while not at work. This makes his firm, Telefonica, not liable for the claim.
According to Sanchez, Snapchat's code contains a flaw that would enable hackers to send thousands of messages to individual iPhone users in a matter of seconds. When a user receives such a huge number of messages at one time, the app can become overwhelmed, causing the device to freeze and finally crash. When this happens, the user is forced to do a hard reset on the iPhone.
Here are some key passages from the research claims Sanchez wrote in a blog post over the weekend.
"I'm able to use a custom script I've created to send snaps to a list of users from several computers at the same time. That could let an attacker send spam to the 4.6 million leaked account list in less than one hour."
"The other problem is that any attacker could just send all the snaps to one user only, as a Denial of Service attack."
Snapchat uses security tokens for authentication. These tokens are used to prove someone's identity electronically via a password so as to authenticate users. As explained in Sanchez's blog post, the bug in Snapchat's code would allow hackers to reuse request tokens that have already been used, and so send new messages to anyone using an iPhone.
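The server-side checks that close this kind of token reuse, shown as an added example that is not Snapchat's code or anything from Sanchez's post: each request token is bound to a timestamp and nonce, accepted once, and followed by a per-recipient rate limit. The token scheme, the limits and the names `make_token` and `SnapGate` are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_AGE = 30       # seconds a request token stays valid (assumed policy)
RATE_LIMIT = 5     # messages one sender may send one recipient per window (assumed)
RATE_WINDOW = 60   # seconds

def make_token(session_key: bytes, timestamp: int, nonce: str) -> str:
    """Client side: bind the request token to this request's timestamp and nonce."""
    msg = f"{timestamp}:{nonce}".encode()
    return hmac.new(session_key, msg, hashlib.sha256).hexdigest()

class SnapGate:
    """Hypothetical server-side gate run before a message is queued for delivery."""

    def __init__(self, session_keys: dict):
        self.session_keys = session_keys   # sender -> per-session secret
        self.seen = {}                     # (sender, token) -> last second it is valid
        self.sent = {}                     # (sender, recipient) -> recent send times

    def accept(self, sender, recipient, timestamp, nonce, token, now):
        key = self.session_keys.get(sender)
        if key is None:
            return "unknown sender"
        if not hmac.compare_digest(make_token(key, timestamp, nonce), token):
            return "bad token"
        if abs(now - timestamp) > MAX_AGE:
            return "stale token"
        # Forget only tokens that can no longer pass the freshness check.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if (sender, token) in self.seen:
            return "replayed token"        # the reuse described in the article
        self.seen[(sender, token)] = timestamp + MAX_AGE
        pair = (sender, recipient)
        recent = [t for t in self.sent.get(pair, []) if now - t < RATE_WINDOW]
        if len(recent) >= RATE_LIMIT:
            return "rate limited"          # stops a flood aimed at one user
        self.sent[pair] = recent + [now]
        return "ok"

def demo():
    key = b"constructed-demo-key"          # constructed sample secret
    gate = SnapGate({"alice": key})
    token = make_token(key, 1000, "n1")
    first = gate.accept("alice", "bob", 1000, "n1", token, now=1001)
    replay = gate.accept("alice", "bob", 1000, "n1", token, now=1002)
    return first, replay
```

The replay cache only has to remember tokens for as long as the freshness window would still accept them, which keeps its size bounded.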
Android Snapchat users, however, are safe from the newly reported security threat, according to Sanchez.
Sanchez also demonstrated the attack to the LA Times last week. In that demonstration, he showed how he could use his own account to send a thousand messages to a reporter's iPhone in a matter of seconds. As a result, the device hung until it completely shut down.
After the demonstration, Snapchat reportedly blocked all accounts that Sanchez used to demonstrate the denial-of-service attacks.
The detailed findings of Sanchez's research are available in a weekend blog post. There has been no word from the Snapchat team regarding these claims so far.