Snapchat Exploits Could Match Users' Names And Phone Numbers
Two Snapchat exploits and the app's API were published Tuesday. The exploits allow hackers to match names to phone numbers and create fake accounts.By Adam Falk | December 27, 2013
Snapchat users, we have some potentially bad news. And it's not going away in six seconds.
The Australian hacker group says it's known about the exploits for months, citing this release from August. But it reports, as of now, Snapchat hasn't done anything to fix them. So Gibson Security published Snapchat's API and the two hacks on Tuesday.
ZDNet reports the code Gibson published is fully functional. And that's worrying for the app's estimated 8 million users because, as Ars Technica writes, "Users of the exploit could take that data and resell it for cash, as well as scam or stalk the Snapchat accounts they've identified."
How exactly the hacks work is pretty complicated.
And it's fast. According to Gibson's calculations, "We can assume that it would take approximately 20 hours for one $10 virtual server to eat through and find every user's phone number." The "Bulk Registration" exploit reportedly allows for account creation.
This, as Gibson notes, could rapidly create thousands of accounts, which could then spam Snapchat users. (Via Snapchat)
This could all be fixed, according to the hackers. And it would only take 10 lines of code. Gibson tells ZDNet: "Snapchat can limit the speed someone can do this, but until they rewrite the feature, they're vulnerable. They've had four months, if they can't rewrite ten lines of code in that time they should fire their development team."
That team has maybe been more focused on its freshly updated app. Now users can add filters and "replay" one snap every 24 hours. (Via Mashable)
Snapchat hasn't responded to any requests for comment on these exploits or even acknowledged whether they exist.