Snapchat Root of Denial of Service Attack Bug

Oftentimes one of the biggest problems you find with apps that start small and blow up fast, is that even though an application might be approved for the iTunes store, that doesn’t necessarily mean someone at the company hand-combed through every bit of data looking for any holes that might make the phone vulnerable before putting it on the market for everyone to download freely.

This seems to be the case with programs like Snapchat, which start with the best of intentions (primarily allowing you to send questionable pictures to other people without fear of them storing them on a hard drive somewhere), and end up the target of hackers and malware researchers from every corner of the globe imaginable.

The way this particular exploit functions is that for each picture, Snapchat creates an authentication token which is stored on your phone, but doesn’t discriminate as to the number of tokens that can be  created in a certain amount of time before expiring. This means that all an attacker needs to do is use the mass account leak as a source of numbers, and send hundreds of pictures to a device all at once.

This mini-DDOS apparently freezes iPhones and iPads, but only causes those on the Android platform to experience a bit of slowdown while all the images are being simultaneously downloaded to the phone.

(Edit for Johnathan: http://www.youtube.com/watch?v=3JEVY0-iLZA)

Although there aren’t many ideas yet on how a slower phone could be exploited, obviously the ability to reboot someone’s iPad or iPhone by force opens a host of problems for any Apple faithful who want to protect their mobile devices from malicious people who try to break in.

The original author of the article detailing this crack, Seguir Leyendo of Telefonica security services, claims that you can prevent any issues by switching on the “friends-only” option, which disables those without explicit access to you and your friends list the opportunity to launch the crack in the first place.