While some of us here at Phandroid simply haven’t been able to get into the whole “Snapchat craze,” we know a good portion of the kids these days seem to love it. In fact, with between 10 and 50 million downloads in the Google Play Store, we’d say a good portion of you probably have the app installed on your device.
Guess that’s why the internet seems to be freaking out this afternoon over a recently discovered vulnerability in Snapchat that could allow hackers to easily archive the names and phone numbers of the service’s some umpteen million users.
The exploit was discovered by the Gibson Security firm who — get this — claims they notified Snapchat about the vulnerability back in August. Where Snapchat recently updated their app with fun new features like filters, larger text overlays, and replays, it appears that they’ve simply ignored patching up what could be a pretty serious vulnerability. It’s this lack of communication between the 2 parties that lead to the security firm based in Australia to publish the exploit for all to see.
The worst part? According to Gibson, the exploit could have been patched up with a simple 10 lines of code.
UPDATE
Snapchat has responded to the vulnerability claims in a blog post, essentially calling this exploit a non-issue. While they agree it would be theoretically possible for someone to upload a huge data base of numbers and somehow connect them to user’s accounts, it says it’s extremely unlikely. So much, they’re shrugging off the issue entirely. As it turns out, they claim they’ve already done some work to ensure something like this doesn’t happen, saying:
“Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
[ZDNet]
Powered by WPeMatico