Be careful who you sext: Snapchat might not be that secure after all
Your Snapchat usernames and phone numbers might be vulnerable, say researchers.
One of upstart photo-sharing service Snapchat’s biggest selling points is its supposed security—a picture disappears immediately upon being sent, you’re notified if your photo gets screencapped, nothing is public, etc. There have been privacy issues in the past: you could cheat by pressing the home button while you save an image, and you could download a sketchy app that saves photos without notifying your partner.
Now a security advisory posted online earlier this week by the Australia-based white-hat hacker group Gibson Security claims the fledgling social network is far from secure, noting that someone with the requisite know-how could collect Snapchat users’ names, email addresses and phone numbers, view and then save someone’s unread messages, send denial of service attacks that could momentarily cripple a user’s device and even completely replace sent images.
The problem, charges Gibson, is in the API used by Snapchat. Basically, an API is the set of instructions that allows one computer program to use data created by another computer program. Taking advantage of what the group called the “find friends exploit,” the group explained that interested parties could gain access to information sent over Snapchat that most users would quite naturally assume is both private and completely secure.
“This vulnerability could hypothetically be used to stalk members of society, such as public figures or the data could even be sold to various firms, with the intent of using it and other data to connect online profiles to people in real life,” explained Gibson Security, which noted that one of its researchers applied for a software developer job at Snapchat offering to fix some of these security flaws, but never got a response.
In addition to noting that their exploration of Snapchat’s API led them to the conclusion that the firm is planning on rolling out native advertising as a first step toward monetization sometime in the near future (unsurprising given the two-year-old company’s recent $860 million valuation), Gibson Security charged that Snapchat’s method of protecting its messages was “possibly one of the least effective modes of encryption.”
Representatives at Snapchat did not immediately respond to a request for comment.
“Snapchat [sic] are in a world where some (if not most) of their users are placing trust in the security behind the app,” charged Gibson Security, “they can’t fall short on securing their application.”
This round of criticism isn’t the first time that Snapchat has been slammed for its app’s security being considerably lower than advertised. Late last year, BuzzFeed revealed that Snapchat videos are saved in a device’s cache and, by plugging said device into a computer, users can permanently save unwatched videos to their hard drive.
On top of that, Utah-based Decipher Forensics claimed it has devised a method of recovering previously viewed Snapchat messages, supposedly lost and gone forever, because, according to the forensics experts who figuratively cracked Snapchat’s code, the app doesn’t actually delete pictures and video after being viewed—instead, it merely changes the file extension.
A forensics examiner with Decipher joked that “pictures taken through the basic camera on an Android phone were actually more difficult to trace than the Snapchat photos.”
“The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service,” Snapchat CEO Evan Spiegel countered when BuzzFeed confronted him with the cache issue. “There will always be ways to reverse engineer technology products—but that spoils the fun!”
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.