Be careful who you sext: Snapchat might not be that secure after all
Your Snapchat usernames and phone numbers might be vulnerable, say researchers.
One of upstart photo-sharing service Snapchat’s biggest selling points is its supposed security—a picture disappears immediately upon being sent, you’re notified if your photo gets screencapped, nothing is public, etc. There have been privacy issues in the past: you could cheat by pressing the home button while you save an image, and you could download a sketchy app that saves photos without notifying your partner.
Now a security advisory posted online earlier this week by the Australia-based white-hat hacker group Gibson Security claims the fledgling social network is far from secure, noting that someone with the requisite know-how could collect Snapchat users’ names, email addresses and phone numbers, view and then save someone’s unread messages, send denial of service attacks that could momentarily cripple a user’s device and even completely replace sent images.
The problem, charges Gibson, is in the API used by Snapchat. Basically, an API is the set of instructions that allows one computer program to use data created by another computer program. Taking advantage of what the group called the “find friends exploit,” the group explained that interested parties could gain access to information sent over Snapchat that most users would quite naturally assume is both private and completely secure.
“This vulnerability could hypothetically be used to stalk members of society, such as public figures or the data could even be sold to various firms, with the intent of using it and other data to connect online profiles to people in real life,” explained Gibson Security, which noted that one of its researchers applied for a software developer job at Snapchat offering to fix some of these security flaws, but never got a response.
In addition to noting that their exploration of Snapchat’s API led them to the conclusion that the firm is planning on rolling out native advertising as a first step toward monetization sometime in the near future (unsurprising given the two-year-old company’s recent $860 million valuation), Gibson Security charged that Snapchat’s method of protecting its messages was “possibly one of the least effective modes of encryption.”
Representatives at Snapchat did not immediately respond to a request for comment.
“Snapchat [sic] are in a world where some (if not most) of their users are placing trust in the security behind the app,” charged Gibson Security, “they can’t fall short on securing their application.”
This round of criticism isn’t the first time that Snapchat has been slammed for its app’s security being considerably lower than advertised. Late last year, BuzzFeed revealed that Snapchat videos are saved in a device’s cache and, by plugging said device into a computer, users can permanently save unwatched videos to their hard drive.
On top of that, Utah-based Decipher Forensics claimed it has devised a method of recovering previously viewed Snapchat messages, supposedly lost and gone forever, because, according to the forensics experts who figuratively cracked Snapchat’s code, the app doesn’t actually delete pictures and video after being viewed—instead, it merely changes the file extension.
A forensics examiner with Decipher joked that “pictures taken through the basic camera on an Android phone were actually more difficult to trace than the Snapchat photos.”
“The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service,” Snapchat CEO Evan Spiegel countered when BuzzFeed confronted him with the cache issue. “There will always be ways to reverse engineer technology products—but that spoils the fun!”
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.