- What is “TikTok including Musical.ly”? Tuesday 8:48 PM
- Video shows driver yelling N-word at Black woman in road rage incident Tuesday 7:40 PM
- A fan gifted Billie Eilish a jacket–it ended up in a thrift store for another fan to find Tuesday 6:49 PM
- Fans are surprisingly hyping Moby up for his new vegan tattoo Tuesday 6:13 PM
- Suspicionless searches of travelers’ electronics ruled unconstitutional Tuesday 5:22 PM
- Facebook testing TikTok clone within Instagram called Reels Tuesday 5:11 PM
- Han Solo shooting scene changed yet again, spawning ‘Maclunkey’ memes Tuesday 4:52 PM
- Facebook bug opened iPhone cameras while users scrolled their feeds Tuesday 4:36 PM
- Black Facebook employees say company racism has ‘gotten worse’ Tuesday 4:01 PM
- This fish with a ‘human face’ is here to give you nightmares Tuesday 3:28 PM
- TikTok’s piercing challenge leaves the fate of your face up to a filter Tuesday 2:54 PM
- Soldiers with top-secret clearance say they were ordered to install a sketchy app Tuesday 2:46 PM
- How to take your Korean beauty routine on the go Tuesday 2:24 PM
- Disney+’s ‘Encore!’ is a love letter to high school theater Tuesday 2:15 PM
- White tourist filmed shouting homophobic, racist slurs Tuesday 1:31 PM
Huge Snapchat security flaw could let hackers shut down your iPhone
Snapchat continues to be a hot mess when it comes to security.
Snapchat has a security vulnerability that could give hackers the ability to disable your iPhone, according to cybersecurity consultant Jaime Sanchez.
Sanchez discovered a weakness in the disappearing photo app that leaves iPhones open to denial-of-service attacks that can shut down a smartphone.
After documenting his discovery in Spanish, Sanchez spoke to the Los Angeles Times about the vulnerability and demonstrated how simple it is to shut down a phone through Snapchat by temporarily crashing a reporter’s iPhone by sending overloading their inbox with messages in about five seconds.
We spoke to Sanchez, who lives in Spain, over Skype. He said he doesn’t use Snapchat, but he started investigating potential security vulnerabilities after reading Gibson Security’s full disclosure report of a previous security flaw. It didn’t take Sanchez long to find a doozy: He realized that there was an issue with Snapchat’s token system that allowed him to send thousands of messages in a matter of seconds.
Unlike Gibson Security, Sanchez did not reach out to Snapchat. “They have the flaws and vulnerabilities,” Sanchez wrote over Skype. “They should be worried about that, not about me.”
Sanchez is right to be dismissive of Snapchat’s security efforts because the company has, at every turn, treated security researchers who have pointed out problems with disrespect. When Gibson Security tried to warn Snapchat about a security violation in 2013, they were ignored. Then, months later, another group hacked Snapchat, exposing the phone numbers of 4.6 million people, using the same vulnerability GibSec tried to get closed up. When that happened, Snapchat CEO Evan Spiegel’s glib apology aggravated feelings of distrust. A more recent security flaw, identified by 16-year-old hacker Graham Smith, was not treated with much respect either. Smith felt his suggestions were ignored and said he did not want to work with Snapchat again if they kept the same attitude. Then another security researcher hacked Snapchat’s security fix in less than a day.
We reached out directly to Snapchat to ask about the most recent issue. “We are working to resolve the issue. For security reasons, we cannot provide detailed information on security countermeasures,” a Snapchat spokesperson wrote via email. A request for more information (of the non-detailed variety) has yet to receive a response.
Unfortunately Sanchez could not recreate the hack for us. When he went to perform the same attack he made on the LA Times, his Snapchat account could not send snaps from either of the phones he used in the original demonstration. When he reset both of the phones and tied to create a new account to test it, he was denied. Sanchez sent the Daily Dot pictures of this ban:
Screenshots via Jaime Sanchez
So Sanchez was unable to perform the attack again, and it looks as if Snapchat is trying to keep him from snapping, at least for the time being while it explores this problem. The other option, of course, is the Snapchat has fixed the problem, but Sanchez believes the problem persists.
Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.