When it comes to security, this hasn't been Snapchat's year. First hackers leaked a massive amount of private user data; then we discovered how dumb easy it is to circumvent Snapchat's anti-robot feature. Now, cyber security researchers have shown that Snapchat can be used to launch a denial-of-service attack that freezes your smartphone, according to the L.A. Times.
Security expert Jaime Sanchez showed the L.A. Times how Snapchat's flawed security system allows hackers to reuse encryption tokens to blast individual users with thousands of messages in a matter of seconds. The tidal wave of messages causes iPhones to freeze and restart; Android devices don't fully reboot, but slow down significantly, preventing users from doing anything else through Snapchat until the thousands of messages have been processed.
Reusing identity tokens could allow spammers to send massive amounts of messages to thousands of users, or launch a focused attack on a single user.
When the L.A. Times contacted Snapchat, the app company wasn't aware of the vulnerability. Given Snapchat's slow response to security alerts in the past, maybe that shouldn't be surprising. More here.
No comments:
Post a Comment