Four months ago Gibson Security, a group of freelance vulnerability researchers, notified Snapchat that it had found serious flaws in the image-flinging service's security and privacy systems.
Always nice to see the vendor's security team jump right on things.
Having heard nothing back, the group has now released the details and some exploit code to back up its claims.
It appears photos sent via Snapchat are encrypted using AES and a key hardwired into the application's code, allowing anyone to decrypt and view intercepted images.
A hard-coded encryption key? This sort of thing makes the Bad Guys feel funny in their pants (err, in a h4x0R sort of way) ...
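A code-review check for the flaw described above, added here as an example and not taken from the article or from Gibson Security's release. It assumes the application builds its AES key with the standard Java `SecretKeySpec` class; the Java sample, its class and constant names, and the key values are all constructed.

```python
import re

# Constructed Java-style sample; names and key values are made up for this example.
SAMPLE_SOURCE = '''\
import javax.crypto.spec.SecretKeySpec;
class BlobCrypto {
    private static final String KEY = "0123456789abcdef";
    SecretKeySpec a() { return new SecretKeySpec(KEY.getBytes(), "AES"); }
    SecretKeySpec b() { return new SecretKeySpec("fedcba9876543210".getBytes(), "AES"); }
    SecretKeySpec c(byte[] k) { return new SecretKeySpec(k, "AES"); }
}
'''

# Constants initialised from a string literal or a byte-array literal.
CONST_RE = re.compile(
    r'static\s+final\s+(?:String|byte\s*\[\])\s+(\w+)\s*=\s*(?:"[^"]*"|\{[^}]*\})'
)
# First argument of an AES SecretKeySpec constructor call.
KEYSPEC_RE = re.compile(r'new\s+SecretKeySpec\(\s*(.+?)\s*,\s*"AES')


def find_hardcoded_aes_keys(source):
    """Return (line number, reason) for AES keys built from compiled-in values."""
    literal_consts = set(CONST_RE.findall(source))
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = KEYSPEC_RE.search(line)
        if not match:
            continue
        arg = match.group(1)
        if arg.startswith('"'):
            # Key material written directly at the call site.
            findings.append((lineno, "inline literal"))
            continue
        ident = re.match(r'\w+', arg)
        if ident and ident.group(0) in literal_consts:
            # Key material comes from a constant that ships inside the binary.
            findings.append((lineno, "constant " + ident.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, reason in find_hardcoded_aes_keys(SAMPLE_SOURCE):
        print(f"line {lineno}: AES key from {reason}")
```

A key that arrives at runtime, as in method `c`, is not flagged; the check only catches key material that every copy of the application carries.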
Snapchat's application allows its predominantly young user base to send up to ten-second views of pictures before they are permanently deleted. Given the current fad for sexting, and the ensuing moral panic it has inspired, the service has a significant following among those who wish to send titillating titbits to a paramour.
Now my suspicion is that my readership skews a bit more to the established demographic, but if you have any younger family/friends, you might want to pass this on to them. Err, and have them read this from the early days of this blog, too. I've been warning about this for quite some time.
* Not that you would ever do this, of course. Speaking hypothetically here.