Snapchat is a popular mobile photo messaging app for iOS and Android that lets anyone send photos and videos and set how long the recipient can view the message. This appeals to anyone who wants to share embarrassing photos with friends on the assurance that they will not spread further.
The app may be popular, but as early as August of this year the Gibson Security research team reported to Snapchat an exploit that affects both iOS and Android devices. Despite the warning, the exploit still exists at the time of writing.
There are actually two exploits. The first is a bug that lets attackers harvest phone numbers, names and aliases from accounts in bulk. The second lets anyone create an unlimited number of dummy accounts, which could be used for spamming and other scams.
Gibson calls the first the “Find Friends Exploit”. The research team managed to look up 10,000 phone numbers in just 7 minutes using a 1 Gbit/s connection on a virtual server. Such data could be used for scamming or stalking. “You could find someone’s phone number in minutes provided you know the general area they live in.”
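To make the abuse pattern concrete, here is an added example (not Snapchat's code, and not Gibson Security's) of a toy find-friends lookup: the unrestricted form, where a caller can submit any number of phone numbers and learn which ones are registered, beside a variant with a per-caller lookup quota and a batch-size cap. The directory, limits, and function names are illustrative assumptions.

```python
"""Toy find-friends lookup: unrestricted bulk enumeration vs. a quota-limited design.
Added example with assumed names and constructed data; not any real service's code."""
import time

# Constructed directory (assumption): every second number in a hypothetical block is registered.
DIRECTORY = {f"+1555{i:07d}": f"user{i}" for i in range(0, 20000, 2)}


def find_friends_unrestricted(numbers):
    """Weak design: any batch size, no quota. Returns {number: username} for every match."""
    return {n: DIRECTORY[n] for n in numbers if n in DIRECTORY}


class FindFriendsService:
    """Hardened variant (assumed design): per-caller lookup quota plus a batch-size cap.
    The quota check itself is only a handful of lines."""

    def __init__(self, max_batch=100, quota=500, window=3600, clock=time.time):
        self.max_batch, self.quota, self.window, self.clock = max_batch, quota, window, clock
        self._usage = {}  # caller_id -> (window_start, lookups_used_in_window)

    def find_friends(self, caller_id, numbers):
        if len(numbers) > self.max_batch:
            raise ValueError("batch too large")
        now = self.clock()
        start, used = self._usage.get(caller_id, (now, 0))
        if now - start >= self.window:       # quota window has rolled over
            start, used = now, 0
        if used + len(numbers) > self.quota:
            raise PermissionError("lookup quota exhausted")
        self._usage[caller_id] = (start, used + len(numbers))
        return {n: DIRECTORY[n] for n in numbers if n in DIRECTORY}


def sweep(lookup, numbers, batch_size):
    """Attacker-style sweep: query `numbers` in batches until the service refuses.
    Returns (matches, numbers_queried, stop_reason)."""
    matches, queried = {}, 0
    for i in range(0, len(numbers), batch_size):
        batch = numbers[i:i + batch_size]
        try:
            matches.update(lookup(batch))
        except (ValueError, PermissionError) as exc:
            return matches, queried, type(exc).__name__
        queried += len(batch)
    return matches, queried, "completed"


def demo():
    """Sweep a block of 10,000 consecutive numbers, like sweeping one area code."""
    block = [f"+1555{i:07d}" for i in range(10000)]
    unrestricted = sweep(find_friends_unrestricted, block, batch_size=10000)
    svc = FindFriendsService()
    limited = sweep(lambda b: svc.find_friends("attacker", b), block, batch_size=100)
    return unrestricted, limited


if __name__ == "__main__":
    for label, (matches, queried, reason) in zip(("unrestricted", "limited"), demo()):
        print(f"{label}: {len(matches)} matches from {queried} numbers queried, {reason}")
```

Against the unrestricted lookup the sweep resolves every registered number in the block in one request; against the quota-limited service it is cut off after 500 lookups. A quota alone does not stop a patient attacker who spreads the sweep across many accounts, which is why the second exploit on this page, unlimited dummy-account creation, makes the first one so much worse.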
Gibson Security said that now that the exploit has been made public, there is no reason left for Snapchat not to fix it. They are, however, wondering why it wasn't fixed when they first contacted the company four months earlier. The fix itself isn't even complicated; by their estimate only around ten lines of code need to change.
“They’ve had four months, if they can’t rewrite ten lines of code in that time they should fire their development team. This exploit wouldn’t have appeared if they followed the best practices and focused on security (which they should be, considering the use cases of the app).”