Security Researchers Gave Snapchat A Nasty Christmas Present By Telling The World How To Hack Snapchat
That's because these same researchers just published detailed instructions on how to hack Snapchat.
The researchers, who call their company Gibson Security, were frustrated that Snapchat had ignored their previous work, sent to Snapchat in August, they said. That's when they had found a bunch of security holes in the photo-texting service. They told Snapchat about the holes (called "exploits" in security lingo) trying to get Snapchat to fix them.
In the document that tells the world about the holes, the researchers explain:
"Given that it's been around four months since our last Snapchat release, we figured we'd do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them).
... we decided that it was in everyone's best interests for us to post a full disclosure of everything we've found in our past months of
We asked the researchers to explain a little better what other hackers could do with the info they released.
Business Insider: Does the info you disclosed allow a programmer/hacker to grab and view unopened Snaps? Opened Snaps?
Gibson Security: No it does not, but rather what we disclosed allows you to obtain the phone number of any Snapchat user without their permission.
BI: Your document talks about the Android Snapchat app. Does it threaten iPhone users, too?
GS: Everything we disclosed works on iPhone and Android users.
BI: What are you hoping to accomplish by publishing this hacking blueprint?
GS: We wish that Snapchat audits their code and improves how security and bugs are handled in the company.
Note that publishing exploits is a common tactic among security researchers if an app developer ignores them. It's called "full disclosure" and its got a "blackmail for the good of society" flavor about it. The idea is to force companies to beef up their security by exposing the weaknesses to the world.
It's a little like a security guard finding an open window in an office building, telling the building owner to close and lock the window and, if ignored for a month or more, telling all interested thieves about the open window and what to steal inside.
In this case, by exposing the phone numbers and user names of Snapchat users, the researchers say hackers could "automatically build profiles about [Snapchat] users, which could be sold for a lot of money," they told ZDNet.
Snapchat is an app that lets you send self-destructing photos. After a photo is viewed, it's supposed to be deleted. That's one reason, it has become popular for sexting (sending sexy photos). In May, Snapchat acknowledged that there are circumstances when it might be possible for hackers or others to get a hold of the photos.
We've asked Snapchat for comment about exposed phone numbers and will update the story if we hear back.
- EPFO adds a net 15.62 lakh members in Dec; 8.41 lakh new subscribers join workforce
- Zee Entertainment reaches out to Sony to revive terminated merger
- India's AI market to touch $17-billion by 2027: Nasscom-BCG report
- Worried about 'forever chemicals' in your water? Try electron-beaming it!
- Wetlands in the icy Arctic have begun releasing 9% more planet-warming methane in the past two decades: study