Huge Snapchat security flaw could let hackers shut down your iPhone
Snapchat continues to be a hot mess when it comes to security.
Snapchat has a security vulnerability that could give hackers the ability to disable your iPhone, according to cybersecurity consultant Jaime Sanchez.
Sanchez discovered a weakness in the disappearing photo app that leaves iPhones open to denial-of-service attacks that can shut down a smartphone.
After documenting his discovery in Spanish, Sanchez spoke to the Los Angeles Times about the vulnerability and demonstrated how simple it is to shut down a phone through Snapchat, temporarily crashing a reporter’s iPhone by overloading their inbox with messages in about five seconds.
We spoke to Sanchez, who lives in Spain, over Skype. He said he doesn’t use Snapchat, but he started investigating potential security vulnerabilities after reading Gibson Security’s full disclosure report of a previous security flaw. It didn’t take Sanchez long to find a doozy: He realized that there was an issue with Snapchat’s token system that allowed him to send thousands of messages in a matter of seconds.
Unlike Gibson Security, Sanchez did not reach out to Snapchat. “They have the flaws and vulnerabilities,” Sanchez wrote over Skype. “They should be worried about that, not about me.”
Sanchez is right to be dismissive of Snapchat’s security efforts because the company has, at every turn, treated security researchers who have pointed out problems with disrespect. When Gibson Security tried to warn Snapchat about a security violation in 2013, they were ignored. Then, months later, another group hacked Snapchat, exposing the phone numbers of 4.6 million people, using the same vulnerability GibSec tried to get closed up. When that happened, Snapchat CEO Evan Spiegel’s glib apology aggravated feelings of distrust. A more recent security flaw, identified by 16-year-old hacker Graham Smith, was not treated with much respect either. Smith felt his suggestions were ignored and said he did not want to work with Snapchat again if they kept the same attitude. Then another security researcher hacked Snapchat’s security fix in less than a day.
We reached out directly to Snapchat to ask about the most recent issue. “We are working to resolve the issue. For security reasons, we cannot provide detailed information on security countermeasures,” a Snapchat spokesperson wrote via email. A request for more information (of the non-detailed variety) has yet to receive a response.
Unfortunately, Sanchez could not recreate the hack for us. When he went to perform the same attack he made on the LA Times, his Snapchat account could not send snaps from either of the phones he used in the original demonstration. When he reset both of the phones and tried to create a new account to test it, he was denied. Sanchez sent the Daily Dot pictures of this ban:
Screenshots via Jaime Sanchez
So Sanchez was unable to perform the attack again, and it looks as if Snapchat is trying to keep him from snapping, at least for the time being while it explores this problem. The other option, of course, is that Snapchat has fixed the problem, but Sanchez believes the problem persists.
Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.