Archives for 

snapchat hack

Snapchat app is vulnerable to DDoS attack, can crash your iPhone,reacts to it very stubborn.

Jamie Sanchez, a security researcher discovered a vulnerability within Snapchat mobile app which can crash your iphone by Denial of Service attack. The vulnerability can enable a hacker to launch DoS attacks which can potentially crash a users phone or requires that the user perform a hard reset.

He further says with a video that “By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals

Its also said that Snapchat disabled the security researchers snapchat account showing a sign of unprofessional ism.

Jamie declined to contact Snapchat with his findings because he believes the company has no respect for security research community after ignoring previous app vulnerability reports. He performed a demo to LA Times reporter, bombarded his handset with 1000’s of of messages within 5 seconds froze his phone till he reset his phone.

He also demonstrated this at the Shmoocon conference Washington DC mod of last month. 

Android app is also susceptible to this attack but it doesn’t crash the Android phone.

 

He demonstrates this in his website as follows:

As we can see from the report published by Gibson, the first request is made ​​by calling the function / ph / upload :

{ 
    username :  "youraccount" , 
    timestamp :  1373207221 , 
    req_token :  create_token ( auth_token ,  1373207221 ) 
    media_id :  "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f" , 
    type :  0 , 
    data :  ENCRYPTED_SNAP_DATA 
}

Then invokes / ph / send the unique identifier for a multimedia file and the list of users that is sent:
{ 
    username :  "youraccount" , 
    timestamp :  1373207221 , 
    req_token :  create_token ( auth_token ,  1373207221 ), 
    media_id :  "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f" , 
    recipient :  "teamsnapchat,someguy" , 
    time :  5 , 
    zipped :  "0" 
}
So far it seems that everything is normal, except when we start testing. These two functions can be substituted by another only when there is an error uploading the file and send. In this case you use / pg / retry:
{ 
    username :  "youraccount" , 
    timestamp :  1373207221 , 
    req_token :  create_token ( auth_token ,  1373207221 ), 
    media_id :  "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f" 
    type :  0 , 
    data :  ENCRYPTED_SNAP_DATA , 
    zipped :  "0" , 
    recipient :  "teamsnapchat,someguy" , 
    time :  5 
}
 In principle everything should work exactly the same. You need to provide a valid token and our username.    More on this link
Share Button

Snapchat’s New Security Feature ‘Snap-tcha’ Hacked In Minutes

The famous Android and IoS app Snapchat started to gain a lot of attention last year when CEO and Co-founder Evan Spiegel rejected the purchase offers from some of the big giants like Google ($4 billion) and Facebook ($3 billion). Snapchat made news again yesterday and it is not all good news again this time. After […]
Share Button
Continue reading →

Snapchat 4.6 million accounts Exposed – Gift to Snap Chat from SnapchatDB.info for 2014

Recently we published an article of Snapchat vulnerability which was not patched and this was on the news for a while. With start of 2014, hackers targeted Snapchat and exposed 4.6M phone numbers and usernames online at snapchatdb.info. If you are one of them then you may check at http://lookup.gibsonsec.org/ SnapchatDB, an unofficial site run by […]
Share Button
Continue reading →