Australian Hackers Reveal Security Issues For Snapchat Users

December 27th, 2013

(The Hosting News) – A group of Australian hackers recently published exploits for the popular photo-sharing app Snapchat that expose security issues within the app, according to a report from ZDNet.

On Tuesday, Gibson Security released the app's undocumented developer hooks (API) and code for two exploits that show how users can match phone numbers with names on accounts.

“We decided that it was in everyone’s best interests for us to post a full disclosure of everything we’ve found in our past months of hacking the Gibson,” states the security group on their website.

According to Gibson, Snapchat's founders have ignored the security exploits since the group first exposed them in August, and the issues can easily be fixed with “ten lines of coding.”

“This is one of our personal favorites since it’s just so ridiculously easy to exploit. A single request (once logged in, of course!) to /ph/find_friends can find out whether or not a phone number is attached to an account. This is one of the things we initially wrote about in our previous release, approximately four months ago (at the time of writing)! They’ve yet to add any rate limiting to this, so we thought we’d add a non-watered down version of the exploit to this release; maybe Evan Spiegel will fix it when someone finds his phone number via this?”

Not only can the security issues be used for targeted scamming, they can also be used for stalking.
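The control the Gibson quote says is missing from /ph/find_friends, rate limiting on phone-number lookups, can be sketched as follows. This is an added example, not code from Gibson Security, Snapchat or the original report; the handler, the limits and the sample data are assumptions, and only the idea of capping how many numbers one logged-in account can check comes from the article.

```python
import time
from collections import defaultdict, deque


class LookupLimiter:
    """Sliding-window cap on phone-number lookups per logged-in account."""

    def __init__(self, max_lookups=50, window_seconds=3600, clock=time.monotonic):
        self.max_lookups = max_lookups
        self.window = window_seconds
        self.clock = clock  # injectable so the demo can control time
        self._events = defaultdict(deque)  # account -> lookup timestamps

    def allow(self, account, numbers):
        """Charge the account for each distinct number, or refuse the batch."""
        now = self.clock()
        events = self._events[account]
        while events and now - events[0] >= self.window:
            events.popleft()  # forget lookups older than the window
        cost = len(set(numbers))
        if len(events) + cost > self.max_lookups:
            return False
        events.extend([now] * cost)
        return True


def find_friends(limiter, directory, account, numbers):
    """Hypothetical handler: (HTTP status, {number: username}) for one request."""
    if not limiter.allow(account, numbers):
        return 429, {}  # Too Many Requests; reveal nothing about the numbers
    return 200, {n: directory[n] for n in numbers if n in directory}


def demo():
    """Constructed data: one account walking sequential numbers, cap 3 per 60 s."""
    now = [0.0]
    limiter = LookupLimiter(max_lookups=3, window_seconds=60, clock=lambda: now[0])
    directory = {"5550102": "alice"}  # constructed number -> username mapping
    statuses = [find_friends(limiter, directory, "acct-1", [f"555010{i}"])[0]
                for i in range(5)]
    now[0] = 60.0  # the window has passed, so the budget is available again
    statuses.append(find_friends(limiter, directory, "acct-1", ["5550105"])[0])
    return statuses


if __name__ == "__main__":
    print(demo())
```

The budget is counted in distinct numbers rather than requests, so batching many numbers into one call does not bypass the cap.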

