Snapchat says it has addressed a vulnerability in the popular photo and video sharing app that could allow hackers to render an iPhone or Android device useless by sending users thousands of messages in seconds.
Jaime Sanchez, a noted cyber-security consultant with major telecommunications company Telefonica, brought the vulnerability to the attention of the Los Angeles Times last week. He demonstrated the security snafu by crashing a reporter's iPhone by overloading it with about 1,000 messages in just five seconds.
The exploit also works on Android phones, but PC Mag reports that it is not capable of crashing those devices, although it does make them extremely slow.
"We believe we have addressed the issue as early as Friday, and we continue to make significant progress in our efforts to secure Snapchat," a Snapchat representative told The Huffington Post about Sanchez's discovery. However, the company has yet to detail exactly how it addressed the issue.
Sanchez told the LA Times he brought the security flaw to the attention of the press before he brought it to the company, arguing that Snapchat “has no respect for the cyber security research community.”
As TechCrunch notes, Sanchez seems to have a point, considering many still fault Snapchat for an incident that occurred over the holidays in which the data and information of 4.6 million Snapchat users were published to an online database.
Security researchers who had previously warned the app makers of a security hole were responsible for that attack, and many blamed the company for not responding when it should have. Snapchat came under fire for its flippant response to the incident, which didn’t immediately include an apology to its users.
Sanchez on Saturday tweeted that Snapchat had blocked the two accounts he used to test the recent hack, as well as the Internet protocol address he uses. He tweeted a photo of the error message he received along with the note, “That’s their countermeasure.”
Snapchat has been able to avoid public scrutiny over this particular vulnerability because no users were directly affected by the exploit. It's unclear at this time whether the exploit can still be used by hackers.