New Snapchat security measure easily bypassed, says researcher

Warwick Ashford

A security researcher has shown that a new user-verification system introduced by Snapchat to prevent hackers from stealing phone numbers is easily defeated.

Snapchat is a mobile app that allows users to send and receive "self-destructing" photos and videos.

Makers of the app introduced the measure to block automated attacks after hackers tried to access leaked details of 4.6 million users, according to the Telegraph.

Earlier this month, hackers accessed a user database and uploaded usernames and phone numbers to SnapchatDB.info, which was quickly taken down.

The user-verification system works by asking new users to identify images in which Snapchat's ghost logo appears from a selection of nine.

But security researcher Steve Hickson was able to defeat the system by using his knowledge of how computers recognise images.

"I spent around 30 minutes writing up some code" to perform an automated recognition task, he wrote in a blog post.

"With very little effort, my code was able to 'find the ghost' with 100% accuracy," he wrote.

According to Hickson, this is “an incredibly bad way to verify someone is a person because it is such an easy problem for a computer to solve” and can be done in a variety of quick and effective ways.

“It's a numbers game with computers and Snapchat's verification system is losing,” he said.

Snapchat told Engadget that it is making "significant progress" in locking down its chat service and hinted that more security measures are on the way.

The user database compromise followed a warning by Australian firm Gibson Security that hackers could exploit vulnerabilities in the Snapchat app.

The hackers said they had exploited the security flaw highlighted by Gibson Security. "We used a modified version of gibsonsec's exploit/method," they were quoted as saying by TechCrunch.

The hackers said their aim was to raise public awareness around the issue, and also put public pressure on Snapchat to get the exploit fixed.
