Sunday, December 29, 2013

IT security: vulnerabilities Snapchat made public -

In August, the group of hackers Gibson Security , based in Australia, called the publisher of the application Snapchat to fix two security vulnerabilities for creating fake accounts en masse and unauthorized access to telephone users.

alert remains unanswered: vulnerabilities in question are still present in the latest version of the service (4.1.01) on iOS and Android. They may soon be actively exploited because of their publication, on Christmas day, the members of Gibson Security, frustrated that their warning had not been taken into account.

first feat ‘, called find_friends is to use the API Snapchat to write a program that will generate a list of phone numbers, then browse by automatically associating names users of the application. Leased $ 10 per month server enough to go, twenty hours, the entire basis of registered 8 million accounts at last count in June 2013. Of personal data could result from minted tens of dollars on the black market profiles.

another vulnerability threatens more indirectly users: it facilitates the creation of massive fake accounts ( Bulk Registration ), mainly to spread spam. Here now documented by Gibson Security, which evokes a common technical computer security [...] to force the hand of an editor so that it improves its management of bugs and security “.

The challenge is even greater for Snapchat, who has made one of its confidentiality warhorses. The young company – founded in 2011 by Bobby Murphy and Evan Spiegel – riding the global awareness related to revelations about the eavesdropping program conducted by the United States. It provides not archive any conversation and highlights the convenience of its service, designed to send images and videos that disappear after a short period of time. The caller receives an alert to the arrival of a new message and when it starts playing, it features one, two, three or ten seconds before said message self-destructs.

concept has attracted a rather young audience, mostly composed of students who are now traded over 400 million files per month. Ecosystem now officially exposed to two security vulnerabilities … among others: in January, a user had found that he could find in its file explorer, videos supposedly ‘deleted’ if logs on the phone to a PC or Mac. More recently, in October, a SnapHack application to save the content without time limit appeared on the App Store Apple .


see – Quiz ICQ Skype, have you followed the evolution of IM


illustration Credit: Benoit Daoust –

No comments:

Post a Comment