If exploited, attackers can send thousands of messages to individual users in less than three seconds, overwhelming and disabling an iPhone and eventually causing it to freeze up entirely and crash.
Snapchat, which allows users to send messages (pictures and video) to others that self-delete after a few seconds, uses a token system (letters and numbers) which verifies the sender's identity. The flaw lets hackers reuse old tokens to send new messages. Depending on the system you have, you can send thousands of messages using the flaw.
The startup company has been arrogant in the past and it has led to a personal data leak for 4.2 million users. Snapchat responded to Sanchez by blocking his accounts and his IP address.
My two accounts and IPs involved in the research of the Snapchat DoS has been banned. That's their countermeasure... pic.twitter.com/W5XOkkkQNc-- Jaime Sanchez (@segofensiva) February 8, 2014
Written by: Andre Yoskowitz @ 8 Feb 2014 22:08