Four months ago Gibson Security, a group of freelance vulnerability researchers, notified Snapchat that it had found serious flaws in the image-flinging service's security and privacy systems.Always nice to see the vendor's security team jump right on things.
Having heard nothing back, the group has now released the details and some exploit code to back up its claims.
It appears photos sent via Snapchat are encrypted using AES and a key hardwired into the application's code, allowing anyone to decrypt and view intercepted images.A hard coded encryption key? This sort of thing makes the Bad Guys feel funny in their pants (err, in a h4x0R sort of way) ...
Snapchat's application allows its predominantly young users base to send up to ten second views of pictures before they are permanently deleted. Given the current fad for sexting, and the ensuing moral panic it has inspired, the service has a significant following among those who wish to send titillating titbits to a paramour.Now my suspicion is that my readership skews a bit more to the established demographic, but if you have any younger family/friends, you might want to pass this on to them. Err, and have them read this from the early days of this blog, too. I've been warning about this for quite some time.
* Not that you would ever do this, of course. Speaking hypothetically here.
2 comments:
I haven't looked, but I wonder if snapchat can protect from screenshots? My Samsung phone can take a screenshot by wiping the edge of your hand across the screen horizontally.
Rick;
That's the biggest rub with Snapchat that I can think of. Ten seconds is plenty of time for a screen shot.
Besides, trust them to delete everything, completely and entirely? Never get hacked?
Probably not so much.
Do not send compromising pictures on the internet. Never send anything that you wouldn't want posted on a billboard on mainstreet in the town your mom lives in with your name under it. Or, alternatively, take the risk and live with the consequences.
Post a Comment