Snapchat Has A Huge Security Hole That Allows Hackers To Identify Exactly Who You Are

Snapchat Has A Huge Security Hole That Allows Hackers To Identify Exactly Who You Are
Technology
Like Us On Facebook
Like Us On Facebook

A group of young Australian hackers called Gibson Security posted information on Christmas Eve exploiting loopholes in Snapchat‘s security that “allows mass matching of phone numbers with names and mass creation of bogus accounts,” reports ZDNet.

According to ZDNet, Gibson published the codes because they had warned Snapchat of the vulnerability last August, but were ignored by the $2 billion company.

The loopholes are accessed by reverse-engineering Snapchat’s API, or re-writing a script of code.

But the security glitches are just the start of Gibson’s Snapchat revelations.

First off, Gibson claims Snapchat could have closed the loopholes by writing just 10 more lines of code. They also said that Snapchat, along with its investors, lied to the press not too long ago when they said that 70% of its users are female because there is no way such statistics could be obtained.

Gibson’s security exploits state that a 1:1 link can be established between a person’s phone number and Snapchat account.

The hackers told ZDNet that the first loophole, called the “find friends exploit,” generates phone numbers and then obtains the Snapchat usernames of any phone number that matches the record of a Snapchat user.

From ZDNet:

“People could operate a service similar to ssndob.cc, where you could pay a few dollars and obtain the phone number and social media profiles of a person, just by their username.

“[Snapchat could have fixed this] by adding rate limiting; Snapchat can limit the speed someone can do this, but until they rewrite the feature, they’re vulnerable. They’ve had four months, if they can’t rewrite ten lines of code in that time they should fire their development team. This exploit wouldn’t have appeared if they followed best practices and focused on security (which they should be, considering the use cases of the app).”

The most significant finding here seems to be that it is incredibly easy to register a false Snapchat account and access the phone numbers of virtually any user, even if the account is private.

It is therefore impossible to determine what percentage of Snapchat accounts are actually valid.

Via: Valley Wag, Top Photo Courtesy: Gaterr

Share Tweet
React
Like Us On Facebook
Like Us On Facebook

Sean Levinson

Sean Levinson loves writing almost as much as he loves ranting about politics. Elite Daily lets him do both, and he couldn't be happier now that he's finally putting his years at SUNY New Paltz to good use. When he's not writing, Sean enjoys nature excursions, playing the guitar and the Ultimate Fighting Championship. Look for him on "Real Time with Bill Maher," where he regularly appears in his most precious fantasies.

More In Technology

Also On Elite

Life

Why We Must Stop Categorizing Women And In Turn Lessening Their Worth

So recently I discovered that I’m pretty second-rate, as far as girlfriends go. The Internet tells me that my boyfriend should want to date a girl who reads, a girl who travels or a girl who dances. He should really be after a girl who runs, a girl with short hair, a girl who drinks beer […]

World

Science Says We Actually Prefer Chinese Restaurants To Be Disgusting

Apparently we all have a deep psychological need to see ducks hanging in the windows of our favorite Chinese restaurants. A researcher from Stanford University curious about Americans’ need for perceived authenticity in Asian restaurants conducted a study to see whether cleanliness or credibility matter more in the eyes of the diner. Glen Carroll, the study’s […]

Humor

Stop The Presses! Pierce Brosnan Actually Sucks At Goldeneye On N64 (Video)

Looking back, Goldeneye on the N64 is a frustratingly clunky mess that can’t really compare to other video games with two analog sticks at their disposal, but it managed to define a generation when it was first released. Based on the James Bond movie of the same name, the cheat codes, level design and Oddjob […]