Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/27/2013
04:37 PM
50%
50%

Researchers Reveal Snapchat Security Issues

Security researchers release proof-of-concept code for issues they say they disclosed months ago to Snapchat

Snapchat, the popular photo messaging service, got a visit from the privacy Grinch this Christmas season after researchers released details of an exploit that abuses Snapchat's "Find My Friends" feature.

The visit was the work of Gibson Security, which first notified Snapchat of this and other security issues back in August. According to the group, Snapchat did not respond, compelling Gibson Security to publicly release more details and some proof-of-concept code on Christmas Eve. The first target: Snapchat's Find My Friends feature.

Typically, Find My Friends enables users to look up their friends' usernames by uploading the phone numbers in their devices' address book and searching for accounts that match those numbers. The researchers, however, were able to abuse that capability to do that on a massive scale.

"We did some back-of-the-envelope calculations based on some number crunching we did (on an unused range of numbers)," the researchers state in their advisory. "We were able to crunch through 10 thousand phone numbers (an entire sub-range in the American number format (XXX) YYY-ZZZZ - we did the Z's) in approximately 7 minutes on a gigabit line on a virtual server. Given some asynchronous optimizations, we believe that you could potentially crunch through that many in as little as a minute and a half (or, as a worst case, two minutes). This means you'd be railing through as many as 6666 phone numbers a minute (or, in our worst case, 5000!)."

Gibson Security did not immediately respond to a request for comment from Dark Reading. However, in an email with ZDNet, researchers say an attacker could use the Snapchat API to write an automated program that generates phone numbers and searches them against the Snapchat database as a step toward building a database of social networking profiles that could be sold to others.

"Hopping through the particularly ‘rich’ area codes of America, potential malicious entities could create large databases of phone numbers and corresponding Snapchat accounts in minutes," the researchers wrote.

The researchers also presented proof-of-concept code for the bulk registration of accounts. The issue takes advantage of what the researchers say in their advisory is "lax registration functionality."

"The mass registration exploit could be used to create thousands of accounts, which could be used for speeding up the above process, or possibly for spam," Gibson Security told ZDNet.

Snapchat did not respond to a request for comment from Dark Reading.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3896
PUBLISHED: 2019-06-19
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
CVE-2019-3954
PUBLISHED: 2019-06-19
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
CVE-2019-10085
PUBLISHED: 2019-06-19
In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.
CVE-2019-11038
PUBLISHED: 2019-06-19
When using gdImageCreateFromXbm() function of gd extension in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been ...
CVE-2019-11039
PUBLISHED: 2019-06-19
Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.