The wildly popular photo sharing app Snapchat keeps receiving millions of dollars in funding, yet it still has a problem that has been going largely unnoticed for months: security. Gibson Security revealed a hack four months ago that enables hackers to obtain users" phone numbers if they wanted to. Fast forward to the present and hackers are still able to use the same exploit; Snapchat has yet to address the issue.
Plus, as you probably already know, it"s a lot easier than Snapchat probably wants you to believe for someone to permanently save a photo or video that you send even though it"s supposed to disappear after no more than 10 seconds. In fact, there are apps available for download (i.e. SnapHack) with the explicit purpose of allowing you to save snaps you receive. Snapchat has not fixed this problem either.
"Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them)," Gibson Security states in a report.
The researchers even include proof of concept scripts. "This is one of our personal favorites since it"s just so ridiculously easy to exploit," they wrote about the find_friends exploit, which can let a hacker know if you have a phone number attached to your account.
Hopefully in the upcoming updates Snapchat releases, we"ll start to see more of these security issues patched up. Tight security can not only be crucial to maintaining users down the road, but also maintaining funding.
Source: BGR