Snapchat Attack Can Freeze, Crash iPhones
By Jennifer LeClaire / CRM Daily
Published: February 10, 2014


Snapchat is still vulnerable to hackers -- and that could mean bad news for iPhone users. Jamie Sanchez, a security researcher who first discovered the flaw in the popular picture messaging app, said Snapchat opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash.

“Snapchat uses security tokens for authentication,” he wrote in a blog post. “Security tokens are used to prove one's identity electronically, in place of a password, to prove that the customer is who they claim to be, so they don't have to exchange the original password that may be captured by attackers.”

As Sanchez explained it, a token is created any time you make a request to Snapchat to update your contact list, add someone, send a snap, etc. The “request token” is based on your password and a timestamp, among other things. The problem is that the tokens don’t expire like they should.
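
The server-side check whose absence the paragraph above describes, as an added example (not code from the article, from Sanchez or from Snapchat): a request token bound to a timestamp is accepted only while it is fresh and only once. The HMAC construction, the 300-second window, the field names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_AGE_SECONDS = 300  # assumed freshness window, not a value from the article


def make_request_token(secret: bytes, user: str, action: str, timestamp: int) -> str:
    """Client side: bind the token to the user, the action and the request time."""
    message = f"{user}|{action}|{timestamp}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


class TokenVerifier:
    """Server side: accept a token only while it is fresh and only once."""

    def __init__(self, max_age: int = MAX_AGE_SECONDS):
        self.max_age = max_age
        self._seen = {}  # token -> timestamp it was issued for

    def verify(self, secret, user, action, timestamp, token, now) -> str:
        expected = make_request_token(secret, user, action, timestamp)
        if not hmac.compare_digest(expected, token):
            return "bad-token"   # wrong secret, or token lifted onto another request
        if abs(now - timestamp) > self.max_age:
            return "expired"     # stale token, e.g. one created a month earlier
        # Tokens older than the window are rejected above, so they can be forgotten.
        self._seen = {t: ts for t, ts in self._seen.items()
                      if now - ts <= self.max_age}
        if token in self._seen:
            return "replayed"    # same token sent again inside the window
        self._seen[token] = timestamp
        return "ok"


def demo():
    """Run constructed requests through the verifier and return each verdict."""
    secret = b"constructed-per-user-secret"  # constructed sample value
    issued = 1392000000                      # constructed sample timestamp
    token = make_request_token(secret, "alice", "send_snap", issued)
    v = TokenVerifier()
    return [
        v.verify(secret, "alice", "send_snap", issued, token, now=issued + 10),
        v.verify(secret, "alice", "send_snap", issued, token, now=issued + 20),
        v.verify(secret, "alice", "send_snap", issued, token,
                 now=issued + 30 * 24 * 3600),
        v.verify(secret, "alice", "add_friend", issued, token, now=issued + 30),
    ]


if __name__ == "__main__":
    print(demo())
```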

Android Not Immune

“I've been using for the attack one token created almost one month ago. So, I'm able to use a custom script I've created to send snaps to a list of users from several computers at the same time,” Sanchez said. “That could let an attacker send spam to the 4.6 million leaked account list in less than one hour.”

But that’s not the only problem. According to Sanchez, an attacker could instead send all the snaps to a single user as a denial-of-service attack. That could crash the iPhone and force a restart to free the phone from the attacker’s grip. Apparently, the attack crashes only iPhones -- not Android-powered devices. But Sanchez said the attack does slow down Android phones to the point where it’s impossible to use the device until the attack is over.

Sanchez does have some good news: If you have friends-only settings, and the attacker is not in your friend list, it shouldn't affect you.

Irresponsible Disclosure

We caught up with Chester Wisniewski, a senior security advisor at Sophos, to get his take on the Snapchat issue. He told us he’s not surprised there was another flaw discovered in Snapchat seeing as the company’s attitude toward security seems to be more reactive than proactive. But Wisniewski takes exception to how Sanchez handled the disclosure.

“Yes, it is never fair to publicly disclose flaws without giving the company the opportunity to respond,” Wisniewski said. “It is imperative that zero-day vulnerabilities in applications are handled carefully and respectfully if you want to consider yourself a researcher rather than an anarchist. Public disclosure without notification leads to innocent people being harmed and generally does not achieve anything positive for the user nor the security community.”

As Wisniewski sees it, the fix for Snapchat should be reasonably simple -- but it may require an update to its phone applications, which may take a bit of time to test and get approved by the application markets. He advised Snapchat users to check their privacy settings, not to accept Snaps from users who are not their friends, and not to blindly accept new friend requests.

© Copyright 2000-2014 NewsFactor Network. All rights reserved.