(Ping! Zine Web Tech Magazine) – A newly uncovered Snapchat vulnerability shows that the iOS version of the photo-sharing app is prone to DDoS attacks.
The security flaw was discovered by Spanish researcher Jaime Sanchez, who showed how devices can easily be made to freeze and crash by sending 1,000 messages in five seconds to a reporter’s iPhone, PC Mag reports.
Snapchat uses tokens to authenticate users, and these tokens do not expire, which lets attackers reuse them to spam users.
“A token is created any time you make a request to Snapchat to update your contact list, add someone, send a snap, etc.,” Sanchez wrote in a blog post. “The problem is that tokens don’t expire. I’ve been using for the attack one token create[d] almost one month ago. So, I’m able to use a custom script I’ve created to send snaps to a list of users from several computers at the same time. That could let an attacker send spam to the 4.6 million leaked account list in less than one hour.”
iPhone users are at the highest risk of an attack, with Android users at the lowest.