Going back as far as August, the Gibson Security research team has reportedly attempted to warn Snapchat multiple times about security issues that could affect both the Android and iOS versions of the app.
Despite their warnings, the research group says that Snapchat has yet to address the problem, and therefore the group has decided to publish the exploit details to the public. The idea is that by making these issues known, the research group will force Snapchat to react, and hopefully promptly patch up the holes in their code that allow the exploits to work.
So what kind of exploits are we talking about exactly? The first bug could allow hackers to gather phone numbers, names and aliases from accounts in large batches. Even private accounts are apparently at risk of this particular hack. As for the second exploit, it makes it possible to create tons of dummy accounts, which could then be used for spamming, spying and various other scams.
Now that the security exploits have been detailed online, we don’t doubt that Snapchat will work as quickly as possible to resolve the issues. Still, we have to wonder why they didn’t take the problem seriously when they were first contacted about four months earlier.
Making matters worse, the security research team claims that fixing the exploits would be about as easy as rewriting ten lines of code.
They’ve had four months, if they can’t rewrite ten lines of code in that time they should fire their development team. This exploit wouldn’t have appeared if they followed the best practices and focused on security (which they should be, considering the use cases of the app).
We’ve reached out to Snapchat asking for further clarification on the matter and will be sure to update if and when we learn more. In the meantime, just be aware that if you use Snapchat, there are a few potential security issues with the service. Whether that’s a deal-breaker for using Snapchat or not is up to you.
For more technical details on what is involved when it comes to the two exploits, you’ll want to head on over to Gibson Security’s website.