posted on  by 

Snapchat app is vulnerable to DDoS attack, can crash your iPhone,reacts to it very stubborn.

Filed under  Application Security, IoS - Apple, Security, Security Research, Vulnerability
0

Jamie Sanchez, a security researcher discovered a vulnerability within Snapchat mobile app which can crash your iphone by Denial of Service attack. The vulnerability can enable a hacker to launch DoS attacks which can potentially crash a users phone or requires that the user perform a hard reset.

He further says with a video that “By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals

Its also said that Snapchat disabled the security researchers snapchat account showing a sign of unprofessional ism.

Jamie declined to contact Snapchat with his findings because he believes the company has no respect for security research community after ignoring previous app vulnerability reports. He performed a demo to LA Times reporter, bombarded his handset with 1000’s of of messages within 5 seconds froze his phone till he reset his phone.

He also demonstrated this at the Shmoocon conference Washington DC mod of last month. 

Android app is also susceptible to this attack but it doesn’t crash the Android phone.

 

He demonstrates this in his website as follows:

As we can see from the report published by Gibson, the first request is made ​​by calling the function / ph / upload :

{ 
    username :  "youraccount" , 
    timestamp :  1373207221 , 
    req_token :  create_token ( auth_token ,  1373207221 ) 
    media_id :  "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f" , 
    type :  0 , 
    data :  ENCRYPTED_SNAP_DATA 
}
Then invokes / ph / send the unique identifier for a multimedia file and the list of users that is sent:
{ 
    username :  "youraccount" , 
    timestamp :  1373207221 , 
    req_token :  create_token ( auth_token ,  1373207221 ), 
    media_id :  "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f" , 
    recipient :  "teamsnapchat,someguy" , 
    time :  5 , 
    zipped :  "0" 
}
So far it seems that everything is normal, except when we start testing. These two functions can be substituted by another only when there is an error uploading the file and send. In this case you use / pg / retry:
{ 
    username :  "youraccount" , 
    timestamp :  1373207221 , 
    req_token :  create_token ( auth_token ,  1373207221 ), 
    media_id :  "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f" 
    type :  0 , 
    data :  ENCRYPTED_SNAP_DATA , 
    zipped :  "0" , 
    recipient :  "teamsnapchat,someguy" , 
    time :  5 
}
 In principle everything should work exactly the same. You need to provide a valid token and our username.    More on this link
Share Button
Tagged with 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>