A security consultant who works for Telefonica has turned up a bug in how Snapchat handles authentication tokens, which enables a denial-of-service attack against users' phones.
It's a simple enough problem, as Jaime Sánchez explains here: the tokens should expire, but don't. As a result, one token can be re-used on many machines, and with a little scripting, all those machines can be instructed to send pics.
“That could let an attacker send spam to the 4.6 million leaked account list in less then one hour”, Sánchez writes. Or, in a DoS scenario, the machines could be instructed to hose a single user.
If the DoS is aimed at an iPhone, he says, it will freeze; Android phones don't seem to lock up completely, but “it does slow their speed. It also makes it impossible to use the app until the attack has finished.”
Below is a YouTube video of the attack, demonstrated against an LA Times reporter's smartphone.
Sánchez claims that rather than fixing the problem or contacting him, Snapchat has blocked the accounts he used to test the vulnerability. ®