After months of being ignored by the company behind the popular instant messaging app Snapchat, Australian hacker group Gibson Security has finally published the exploits it discovered. The exploits could be used to match names and phone numbers on Snapchat. Additionally, unscrupulous hackers could use the exploits to create thousands of fake Snapchat accounts en masse.
Snapchat is one of the fastest-growing messaging applications on both iOS and Android. The app allows users to send text, videos and photos, and gives them the power to have that content permanently deleted a preset time after it has been viewed. The app is widely popular with younger users, who have been known to use it to disseminate sexually charged content, and with over 8 million users, any security breach on the app could have major consequences for its user base.
Gibson Security first brought the matter to Snapchat’s attention in August, and the same month it also published a security advisory. However, Snapchat didn’t care to get in touch with the group or fix the problem.
According to the hackers, Snapchat’s code had undocumented developer hooks that could be used to compromise the security of the app. With these developer hooks, hackers could match names and phone numbers of users. Since Snapchat has a very large user base, the exploit could be used to compromise the personal information of millions of Snapchat users.
“They’ve had four months, if they can’t rewrite ten lines of code in that time they should fire their development team. This exploit wouldn’t have appeared if they followed best practices and focused on security (which they should be, considering the use cases of the app),” the group said in an emailed statement.
Given the sheer number of users Snapchat has, the company behind it would do well to update the app by patching the possible vulnerabilities. Some people have frowned upon Gibson Security for disclosing the exploit, but by publishing its results online, the hacker group may force Snapchat’s hand into fixing the problem instead of ignoring it indefinitely.