(The Hosting News) – A group of Australian hackers recently published exploits for the popular photo-sharing app Snapchat that expose security issues within the app, according to a report from ZDNet.
On Tuesday, Gibson Security released undocumented developer hooks (API) and code for two exploits that show how users can match phone numbers with names on accounts.
“We decided that it was in everyone’s best interests for us to post a full disclosure of everything we’ve found in our past months of hacking the Gibson,” states the security group on their website.
According to Gibson, Snapchat's founders have ignored the exploits since the group first exposed them in August, even though the issues can easily be fixed with “ten lines of coding.”
“This is one of our personal favorites since it’s just so ridiculously easy to exploit. A single request (once logged in, of course!) to /ph/find_friends can find out whether or not a phone number is attached to an account. This is one of the things we initially wrote about in our previous release, approximately four months ago (at the time of writing)! They’ve yet to add any rate limiting to this, so we thought we’d add a non-watered down version of the exploit to this release; maybe Evan Spiegel will fix it when someone finds his phone number via this?”
Not only can the security issues be used for targeted scamming, they can also be used for stalking.
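
The missing rate limit described in the quote above can be illustrated with a per-account budget on how many phone numbers may be checked per time window. This is an added example, not code from Snapchat or Gibson Security; the handler, the directory data and the limits are hypothetical and constructed for illustration.

```python
import time
from collections import defaultdict, deque


class LookupBudget:
    """Sliding-window cap on how many phone numbers one account may check."""

    def __init__(self, max_numbers=50, window_seconds=3600, clock=time.monotonic):
        self.max_numbers = max_numbers
        self.window = window_seconds
        self.clock = clock
        # account -> timestamps, one entry per phone number already checked
        self._events = defaultdict(deque)

    def allow(self, account, count):
        now = self.clock()
        events = self._events[account]
        # Drop lookups that have aged out of the window.
        while events and now - events[0] >= self.window:
            events.popleft()
        # Charge per number, not per request, so batching does not bypass the cap.
        if len(events) + count > self.max_numbers:
            return False
        events.extend([now] * count)
        return True


# Constructed sample directory: phone number -> username.
DIRECTORY = {"+15550100": "alice", "+15550101": "bob"}


def find_friends(budget, account, numbers):
    """Hypothetical handler for a contact-matching endpoint.

    Returns (http_status, matches). Over-budget requests get 429 and no data.
    """
    numbers = list(dict.fromkeys(numbers))  # de-duplicate, keep order
    if not budget.allow(account, len(numbers)):
        return 429, {}
    return 200, {n: DIRECTORY[n] for n in numbers if n in DIRECTORY}
```

A per-account budget alone does not stop someone operating many accounts, so it is normally paired with limits per IP or device and with alerting on accounts that repeatedly hit the cap.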