More Woes For Snapchat: Vulnerability Allows Hackers To Launch Spam And DDoS Attacks On Snapchat User’s Devices

There was a moment there when the Snapchat guys were feeling pretty hot. Their mobile app was exploding in popularity, and Facebook practically begged to buy the service for a cool, but the company rejected the $1 billion offer--and then the $3 billion offer Facebook made thereafter.

You could call it chutzpah or hubris, but hey, Mark Zuckerberg turned down insanely lucrative offers for Facebook when he was just a pup, and he went on to build an empire. So there’s some precedent there, but Snapchat probably wasn’t counting on the wildcard problem of being repeatedly hacked to smithereens, which doesn’t help much when you’re trying to grow your popularity.

Snapchat exploit
Credit: Jaime Sanchez

Over the holidays, Snapchat was hit with an exploit and saw some 4.6 million usernames and phone service stolen from its database. After weakly adjusting the Find Friends feature that supposedly bore the vulnerability and barely apologizing, one would hope that Snapchat would have learned its lesson and made sure that there were no more holes in its service.

Nope. A security researcher for Telefonica named Jaime Sanchez found another vulnerability that allows you to re-use old tokens to send new messages. Ostensibly, you could launch massive spam attacks of targeted DDoS attacks to individuals this way.

Snapchat sad
Credit: Jaime Sanchez

Sanchez demonstrated the exploit to the L.A. Times. With consent, he sent 1,000 messages in 5 seconds to reporter Salvador Rodriguez’ account, which crashed his iPhone. Android phones apparently won’t crash with the attack, but they will significantly slow down, and the app itself becomes crippled.

Snapchat raised the ire of the cybersecurity community with its wilful ignorance of the vulnerability researchers found over the holidays; chances are, this isn’t the last Snapchat exploit we’ll be hearing about. We wonder if that $3 billion buyout offer from Facebook sounds any more enticing now.
Via:  L.A. Times
Post a Comment
or Register to comment