It appears that Snapchat may have some security issues that need to be addressed, according to Gibson Security, a group that claims to have hacked Snapchat’s API, which is currently not public. There are two different exploits: the find_friends exploit and the Bulk Registration exploit. The first of the two takes in a set of phone numbers and can match them to usernames, regardless of whether the user being looked up has enabled that or not. This could lead to spam, or even stalking.
The second of the two exploits, Bulk Registration, sounds exactly like what you would think: it creates thousands of Snapchat accounts, which would then make it possible to run the find_friends exploit even faster. Apparently the group notified Snapchat of the security concerns back in August, but the company has yet to do anything about the matter. As a result, Gibson Security thought it would be best to publish the exploits in hopes that it will create more urgency for Snapchat to close the loopholes. Regarding the exploits, Gibson Security said:
“The use case where an evil party who wishes to stalk someone, the scraping for that could be done on a home computer in an afternoon with enough information. So yeah, it’s pretty bad.”
Obviously this seems like something Snapchat should be concerned about, but so far it isn’t. Snapchat hasn’t said anything in response to the publication of these exploits yet, but one would assume this would push Snapchat to update the application with some security fixes. Snapchat needs to take a serious look at security, it seems: not only did the company not respond when the group told it about the issues in August, but according to the group it should take a mere 10 lines of code to correct the issue. Insane this hasn’t been addressed yet.
What do you think? Wondering why Snapchat doesn’t take security as seriously as it should? Let us know in the comments, or tweet me @TiP_Kyle.