Just a month after Snapchat's database leak, the popular photo-sharing app is in the news again for all the wrong reasons. Jaime Sanchez, a cyber security researcher who works as a security consultant for Spanish telecommunications giant Telefonica, has discovered a flaw within the popular app that can be exploited by hackers to launch a denial-of-service attack and cause an iPhone to crash.
Whenever you attempt to send a message through Snapchat, a security token is generated to verify your identity. According to Sanchez, these security tokens don't expire, which is the root cause of the problem. By reusing old tokens, hackers can send out spam from multiple devices to Snapchat users or launch an attack on specific individuals.
Sanchez demonstrated the attack to the LA Times last week. Using his account, he was able to send 1,000 messages to a reporter's iPhone within five seconds, causing the device to freeze until it crashed. On the other hand, a similar attack on Android devices doesn’t lead to a crash, but it does slow them down.
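The two server-side checks whose absence the report describes, token expiry and rejection of reused tokens, together with a per-sender rate limit against the kind of message flood shown in the demonstration, can be sketched as follows. This is an added example, not Snapchat's code or token format: the HMAC token layout, the key, the policy constants and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

SECRET = b"constructed-demo-key"  # constructed value, not a real key
TOKEN_TTL = 30        # assumed policy: seconds a token stays valid
WINDOW = 10           # assumed policy: rate-limit window in seconds
MAX_PER_WINDOW = 20   # assumed policy: accepted messages per sender per window

def _mac(user, nonce, issued):
    msg = f"{user}|{nonce}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(user, nonce, now):
    """Bind the token to the sender, a one-time nonce and the issue time."""
    issued = int(now)
    return f"{user}|{nonce}|{issued}|{_mac(user, nonce, issued)}"

class Verifier:
    def __init__(self):
        self.seen = {}  # (user, nonce) -> time at which the token expires anyway
        self.sent = {}  # user -> timestamps of recently accepted messages

    def check(self, token, now):
        try:
            user, nonce, issued, mac = token.split("|")
            issued = int(issued)
        except ValueError:
            return "malformed"
        if not hmac.compare_digest(mac.encode(), _mac(user, nonce, issued).encode()):
            return "bad-mac"
        if now - issued >= TOKEN_TTL or issued > now:
            return "expired"  # too old, or dated in the future
        # Forget nonces whose tokens have expired; the TTL check rejects those.
        self.seen = {k: exp for k, exp in self.seen.items() if exp > now}
        if (user, nonce) in self.seen:
            return "replayed"  # the same token was already accepted once
        recent = [t for t in self.sent.get(user, []) if now - t < WINDOW]
        if len(recent) >= MAX_PER_WINDOW:
            return "rate-limited"
        self.seen[(user, nonce)] = issued + TOKEN_TTL
        self.sent[user] = recent + [now]
        return "ok"

def simulate_flood(count=1000, seconds=5.0, start=2000.0):
    """Constructed input: `count` fresh tokens from one sender within `seconds`."""
    v, out = Verifier(), Counter()
    for i in range(count):
        now = start + i * seconds / count
        out[v.check(issue_token("sender", f"n{i}", now), now)] += 1
    return out
```

Because accepted nonces only need to be remembered until their token would expire, the replay cache stays bounded by the token lifetime rather than growing forever.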
Sanchez told the newspaper that he, along with a fellow researcher, discovered the glitch on their own time. He chose to report the flaw publicly, however, because he thinks that the US-based startup "has no respect for the cyber security research community".
Meanwhile, Snapchat said it was not aware of the problem, and according to Sanchez, the startup has blocked the accounts and IP he used to demonstrate the attack.