Snapchat comments on alleged exploits that crack the wall of secrecy on the app

Since August, Gibson Security has been trying to warn Snapchat of an exploit that could match the usernames of Snapchat users with their phone numbers. For a site that has become wildly popular because photo, video and written messages disappear after ten seconds, the hack could be quite painful. The app has become so red hot that the powers that be allegedly turned down $4 billion for the operation from Google. And that was after the last financing round, done in June, valued the company at just $800 million.

On Christmas Eve, Gibson Security sent out a tweet containing Snapchat's API and a pair of exploits for the site. This now allows anyone to copy the API and go after the app's 8 million users. Gibson also claims that the metadata can be used with other APIs to "automatically build profiles about users, which could be sold for a lot of money."

The Find Friends exploit takes a range of phone numbers and matches it up with Snapchat usernames. The Bulk Registration Exploit allows someone to bombard the site with new registrations. Both were known to Snapchat for four months, according to Gibson, and could have been closed with ten lines of code. Gibson found the security gaps by reverse-engineering the iOS and Android versions of the app. Besides this, the company says that Snapchat is not telling the truth when it claims that its users are 70% female.


Snapchat has released a brief statement saying that it has added safeguards and barriers over the years to prevent an exploit like Find Friends from matching Snapchat usernames with phone numbers. Even if there is nothing to Gibson Security's claims, it should be interesting to see if even the slightest hint of a security breach will negatively affect the value of Snapchat. Wonder if Snapchat wishes that they had accepted Google's money.

Gibson's Christmas Eve tweet revealed the exploits



source: @GibsonSec, ZDNet via TechCrunch


4 Comments

1. wilsong17 unregistered

Yeah, how easy it is for an Android phone to take a screenshot

2. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

They need to hurry up with their official WP app.. Sure WP has a perfectly good Snapchat app, but official is, well, official.

3. AliNSiddiqui

Posts: 382; Member since: Sep 19, 2012

That's not true... I would rather use 6Sec than the official Vine app, I would rather use 6gram than the official Instagram app. I would also rather use myTube than any official YouTube app that may ever get released in the future. Also, these apps perform better than even the Android and iOS versions of the app.

4. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

No, it is true❕ It's not about what you want to use, not about that at all.. When the average consumer considers buying a WP device they want to search for Vine, Instagram, and Snapchat, and find Vine, Instagram, and Snapchat❕ Sure WE know that Rudy's apps are better, but not having official, highly recognized apps makes WP look unfit in the eyes of the average consumer. Besides, if iDroid can have support from these developers, then what makes you think WP isn't worthy enough for the same kind of attention❔
