Snapchat grudgingly admits your username could ‘theoretically’ be exposed
Snapchat has something to say about all this security buzz.
Snapchat’s most recent blog post addresses the recent security hole exposed by hacker collective Gibson Security. Kind of. “We recently added additional counter-measures and continue to make improvements to combat spam and abuse,” the app’s blog post reads. Unfortunately many questions and much skepticism remain.
Gibson Security’s “Find Friends” exploit outlines how to match Snapchat users with their phone numbers, something Snapchat does not allow. In other words, if you input your phone number so friends can find you on Snapchat, you were leaving yourself open to having your number and your username linked together, and opening yourself up to spam (and potential ridicule)… until this problem was fixed.
Snapchat described how this “Find Friends” exploit could expose every user’s phone number, but it wasn’t exactly a mea culpa. “Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way,” the blog post admits. But the team didn’t go into detail about what kind of counter-measures they implemented, or acknowledge Gibson Security’s role in bringing this issue to light (this isn’t the first time the Australian hacker group has pointed out Snapchat’s security problems, either).
Daily Dot talked to Gibson Security via email after the team published its findings, and they noted that Snapchat had not reached out to them as of the day of the blog post (December 27). It’s strange that a social network would ignore the people exposing its security problems, but certainly not unprecedented; you may recall the time a hacker actually broke into Mark Zuckerberg’s personal Facebook wall to complain about a bug after earlier attempts to communicate failed.
Snapchat updates its blog sparingly; often, the posts are remarkably thoughtful reflections from house researcher Nathan Jurgenson. Sometimes the team responds to controversy, as it did last May after ways to resurrect snaps were discovered. But the company is reticent when it comes to addressing complaints, and this instance appears no different—Snapchat did not respond to Daily Dot’s request for comment on this blog post or when news of the security issues first broke. Since the team hasn’t elaborated, it’s unclear exactly how Snapchat has safeguarded itself against the “Find Friends” exploit—or if it took 10 lines of code, as Gibson Security said it would.
Publishing the exploits might’ve been a bit of a grey hat act on Gibson Security’s part, but it exposed a very real security flaw, even though Snapchat’s trying to minimize it by characterizing the issue as something confined to the theoretical. Snapchat’s decision to privilege intimacy and private sharing has been a refreshing antidote to the data aggregating philosophies of some of the other popular social apps, and it’s disappointing that the company’s progressive thinking doesn’t extend to its treatment of hackers.
Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.