
Snapchat Makes You Vulnerable To This

by Sarah Hedgecock

Those Lifetime movie specials know what they're talking about: when you take a private picture on your phone, you never know who could see it. At least that's what researchers at Gibson Security found while studying the possible vulnerabilities in Snapchat's code. Researchers discovered that hackers can easily match Snapchat accounts to specific phone numbers by exploiting a legitimate feature in the program's API — despite the fact that those associations aren't supposed to be publicly available.

The computer-security company actually found the vulnerability four months ago. But when researchers saw that in the new version of Snapchat's program nothing had been fixed, they decided to try to get the company's attention by simply releasing the exploits. In the new disclosures, the researchers write:

Given that it's been around four months since our last Snapchat release, we figured we'd do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them). Seeing that nothing had really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone's best interests for us to post a full disclosure of everything we've found in our past months of hacking the gibson.

The number-matching vulnerability is reportedly so easy to exploit that the researcher-hackers were able to match 10,000 numbers in just seven minutes. With the right equipment it's possible to make matches as quickly as 5,000 times a minute. Snapchat has not yet commented on the findings.

Until then, you can check out the full Snapchat vulnerability report, and as always, sext responsibly.
