Earlier this week Gibson Security tweeted some information it claimed could be used to exploit Snapchat enabling malicious hackers to match usernames with phone numbers and build a profile of users. Gibson Security also claimed the security holes could allow for the creation of dummy accounts in bulk. According to Gibson Security, they notified Snapchat of the problems last August, but after not seeing any move to correct an issue that supposedly could be fixed with ten lines of code, proceeded with making the exploit public.
Snapchat has responded via their blog with a statement indicating they have implemented safeguards “to make it more difficult to” use the Find Friends feature to match phone numbers with user accounts. They also claim they have “added additional counter-measures and continue to make improvements to combat spam and abuse.” Despite these claims that their code makes this difficult to achieve, Snapchat does indicate in their statement:
“Theoretically, if someone were able upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way.”
That sounds like a tacit admission that Gibson Security’s claims are accurate. While Snapchat may want to be somewhat intentionally vague as to how they are addressing the matter to avoid giving potential attackers even more useful information, this statement does not seem to do much to help alleviate the concerns of users.
source: Snapchat
via: phoneArena
Come comment on this article: Snapchat claims safeguards in place to prevent exploits
Powered by WPeMatico