With great power comes great responsibility, and as Snapchat continues to grow rapidly, security researchers grow increasingly interested in the security of the platform.
Security researcher Jamie Sanchez has today exposed a vulnerability within Snapchat that opens up the app to a denial-of-service attack. By overloading an inbox with messages, hackers can freeze and crash the iPhone, requiring the user to reset their device. For Android devices, the attack doesn’t crash the device, but does make it noticeably slower, according to the Los Angeles Times.
“We are working to resolve the issue and will be reaching out to the security researcher who publicized the attack to learn more,” said Snapchat in a statement.
The original report explains that hackers can reuse tokens (that are generated by the app to verify user identity) to send hundreds of messages within seconds, which could be used by spammers to take down large groups of Snapchat users, or individual accounts.
Sanchez notified the Los Angeles Times of the vulnerability before notifying Snapchat, claiming that Snapchat “has no respect for the cyber security research community.”
And he kind of has a point.
Over the holidays, Snapchat was notified by security researchers that a security hole opened up the app to hackers who might want to expose user data. When the notification was ignored, hackers proceeded to publish the phone numbers of 4.6 million users to prove their point.
If you want to see the DoS go down, the LATimes has a demo video of the attack right here.
We’ve reached out to Sanchez for clarity, and will update the post as soon as we know more.