Snapchat unveiled new security measures yesterday only to have a hacker decipher said measures the following day, and it took him less than an hour.
Security concerns surrounding photo/video messaging service Snapchat have been a pretty hot topic in recent weeks, particularly following a major cyber attack which led to 4.6 million user’s details being published online. The worst part is despite the company’s efforts, it still isn’t doing enough to protect its vast user base from hackers, bots and theft.
Yesterday the company unveiled a system, nicknamed ‘Snap-tcha’ which requires users to identify the app’s signature ghost mascot in order to verify that they are indeed human and not a bot. Bot accounts have been used as a means to exploit the app’s Find Friends feature and farm both email addresses and phone numbers, leading to the introduction of the new system, but just 24 hours later a hacker by the name of Steven Hickson claims he has created a tool which can accurately identify the ghost and deceive this new feature.
Using a combination of scripting technologies, Hickson’s tool can discern the simple shape of the ghost mascot and therefor gain access to the system to repeat the same exploit as before. Many hackers, coders and developers have expressed concerns about Snapchat’s apparent poor attempts at improving security and protecting its user’s privacy and identity.
17-year-old Graham Smith, a hacker and app developer from Dallas, Texas previously demonstrated one of the exploits Snapchat hadn’t yet patched and has spoken about the company’s approach to security with TechCrunch’s Josh Constine via Twitter.
“Snapchat is doomed forever as far as security. Even if they fix this once and for all. They have the wrong idea. They don’t work well with outsiders.”