x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • Snapchat comments on alleged exploits that crack the wall of secrecy on the app

Snapchat comments on alleged exploits that crack the wall of secrecy on the app

Snapchat comments on alleged exploits that crack the wall of secrecy on the app
Since August, Gibson Security has been trying to warn Snapchat of an exploit that could match the usernames of Snapchat users, with their phone numbers. For a site that has become wildly popular because photo, video and written messages disappear after ten seconds, the hack could be quite painful. The app has become so red hot that the powers that be allegedly turned down $4 billion for the operation from Google. And that was after the last financing round done in June valued the company at just $800 million.

On Christmas Eve, Gibson Security sent out a tweet containing Snapchat's API and a pair of exploits for the site. This now allows anyone to copy the API and go after the app's 8 million users. Gibson also claims that the metadata can be used with other APIs to "automatically build profiles about users, which could be sold for a lot of money."

The Find Friends exploit, takes a range of phone numbers and matches it up with Snapchat usernames. The Bulk Registration Exploit allows someone to bombard the site with new registrations. Both were known to Snapchat for four months, according to Gibson, and could have been closed with ten lines of code. By reverse-engineering the iOS and Android version of the app, Gibson found the security gaps. Besides this, the company says that Snapchat is not telling the truth when it claims that its users are 70% female.

"[Snapchat could have fixed this] by adding rate limiting; Snapchat can limit the speed someone can do this, but until they rewrite the feature, they're vulnerable. They've had four months, if they can't rewrite ten lines of code in that time they should fire their development team. This exploit wouldn't have appeared if they followed best practices and focused on security (which they should be, considering the use cases of the app)."-Gibson Security

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do."-Snapchat

Snapchat has released a brief statement saying that it has added safeguards and barriers over the years to prevent an exploit like Find Friends from matching Snapchat usernames with phone numbers. Even if there is nothing to Gibson Security's claims, it should be interesting to see if even the slightest hint of a security breach will negatively affect the value of Snapchat. Wonder if Snapchat wishes that they had accepted Google's money.

Gibson's Christmas Eve tweet revealed the exploits

Gibson's Christmas Eve tweet revealed the exploits

source: @GibsonSec, ZDNet via TechCrunch

  • Options

posted on 29 Dec 2013, 08:57

1. wilsong17 (unregistered)

yea how easy its for a android phone to take a screen shot

posted on 29 Dec 2013, 09:36

2. rodneyej1 (Posts: 3576; Member since: 06 Jul 2013)

They need to hurry up with their official WP app.. Sure WP has a perfectly good Snapchat app, but official is, well, official.

posted on 29 Dec 2013, 10:42

3. AliNSiddiqui (Posts: 382; Member since: 19 Sep 2012)

That's not true... I would rather use 6Sec than Vine official app, I would rather use 6gram than the official Instagram app. I would also rather use myTube than any official youtube app that may ever get released in the future. Also, these apps perform better than even the Android and iOS versions of the app

posted on 29 Dec 2013, 11:15

4. rodneyej1 (Posts: 3576; Member since: 06 Jul 2013)

No, it is true❕ Its not about what you want to use, not about that at all.. When the average consumer considers buying a WP device they want to search for Vine, Instagram, and SnapChat, and find Vine, Instagram, and Snapchat❕ Sure WE know that Rudy's apps are better, but not having official, highly recognized, apps makes WP look unfit in the eyes of the average consumer. Besides, if iDroid can have support from these developers, then what makes you think WP isn't worthy enough for the same kind of attention❔

Want to comment? Please login or register.

Latest stories