Be careful who you sext: Snapchat might not be that secure after all
Your Snapchat usernames and phone numbers might be vulnerable, say researchers.
One of upstart photo-sharing service Snapchat’s biggest selling points is its supposed security—a picture disappears immediately upon being sent, you’re notified if your photo gets screencapped, nothing is public, etc. There have been privacy issues in the past: you could cheat by pressing the home button while you save an image, and you could download a sketchy app that saves photos without notifying your partner.
Now a security advisory posted online earlier this week by the Australia-based white-hat hacker group Gibson Security claims the fledgling social network is far from secure, noting that someone with the requisite know-how could collect Snapchat users’ names, email addresses and phone numbers, view and then save someone’s unread messages, send denial-of-service attacks that could momentarily cripple a user’s device and even completely replace sent images.
The problem, charges Gibson, is in the API used by Snapchat. Basically, an API is the set of instructions that allows one computer program to use data created by another computer program. Taking advantage of what the group called the “find friends exploit,” the group explained that interested parties could gain access to information sent over Snapchat that most users would quite naturally assume is both private and completely secure.
“This vulnerability could hypothetically be used to stalk members of society, such as public figures or the data could even be sold to various firms, with the intent of using it and other data to connect online profiles to people in real life,” explained Gibson Security, which noted that one of its researchers applied for a software developer job at Snapchat offering to fix some of these security flaws, but never got a response.
In addition to noting that their exploration of Snapchat’s API led them to the conclusion that the firm is planning on rolling out native advertising as a first step toward monetization sometime in the near future (unsurprising given the two-year-old company’s recent $860 million valuation), Gibson Security charged that Snapchat’s method of protecting its messages was “possibly one of the least effective modes of encryption.”
Representatives at Snapchat did not immediately respond to a request for comment.
“Snapchat [sic] are in a world where some (if not most) of their users are placing trust in the security behind the app,” charged Gibson Security, “they can’t fall short on securing their application.”
This round of criticism isn’t the first time that Snapchat has been slammed for its app’s security being considerably lower than advertised. Late last year, BuzzFeed revealed that Snapchat videos are saved in a device’s cache and, by plugging said device into a computer, users can permanently save unwatched videos to their hard drive.
On top of that, Utah-based Decipher Forensics claimed it has devised a method of recovering previously viewed Snapchat messages, supposedly lost and gone forever, because, according to the forensics experts who figuratively cracked Snapchat’s code, the app doesn’t actually delete pictures and video after being viewed—instead, it merely changes the file extension.
A forensics examiner with Decipher joked that “pictures taken through the basic camera on an Android phone were actually more difficult to trace than the Snapchat photos.”
“The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service,” Snapchat CEO Evan Spiegel countered when BuzzFeed confronted him with the cache issue. “There will always be ways to reverse engineer technology products—but that spoils the fun!”
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.