Security Researchers Gave Snapchat A Nasty Christmas Present By Telling The World How To Hack Snapchat

If you use Snapchat, please be aware that your phone number could now be grabbed by hackers, security researchers told Business Insider.

That's because these same researchers just published detailed instructions on how to hack Snapchat.

The researchers, who call their company Gibson Security, said they were frustrated that Snapchat had ignored their previous work, which they sent to Snapchat in August. That's when they found a bunch of security holes in the photo-texting service. They told Snapchat about the holes (called "exploits" in security lingo), trying to get Snapchat to fix them.

In the document that tells the world about the holes, the researchers explain:

"Given that it's been around four months since our last Snapchat release, we figured we'd do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them).

... we decided that it was in everyone's best interests for us to post a full disclosure of everything we've found in our past months of hacking."

We asked the researchers to explain a little better what other hackers could do with the info they released.

Business Insider: Does the info you disclosed allow a programmer/hacker to grab and view unopened Snaps? Opened Snaps?

Gibson Security: No it does not, but rather what we disclosed allows you to obtain the phone number of any Snapchat user without their permission.

BI: Your document talks about the Android Snapchat app. Does it threaten iPhone users, too?

GS: Everything we disclosed works on iPhone and Android users.

BI: What are you hoping to accomplish by publishing this hacking blueprint?

GS: We wish that Snapchat audits their code and improves how security and bugs are handled in the company.

Note that publishing exploits is a common tactic among security researchers if an app developer ignores them. It's called "full disclosure" and it's got a "blackmail for the good of society" flavor about it. The idea is to force companies to beef up their security by exposing the weaknesses to the world.

It's a little like a security guard finding an open window in an office building, telling the building owner to close and lock the window and, if ignored for a month or more, telling all interested thieves about the open window and what to steal inside.

In this case, by exposing the phone numbers and user names of Snapchat users, the researchers say hackers could "automatically build profiles about [Snapchat] users, which could be sold for a lot of money," they told ZDNet.

Snapchat is an app that lets you send self-destructing photos. After a photo is viewed, it's supposed to be deleted. That's one reason it has become popular for sexting (sending sexy photos). In May, Snapchat acknowledged that there are circumstances when it might be possible for hackers or others to get a hold of the photos.

We've asked Snapchat for comment about exposed phone numbers and will update the story if we hear back.