Alexandra Burlacu
It seems that the popular app Snapchat has an unpatched flaw in its API, and an exploit for it allows user data to be collected.
Through this exploit, rogue coders can generate scripts and tie real phone numbers to Snapchat user names, display names, as well as account privacy settings.
What's even more alarming is that the vulnerability in question is not new, yet it hasn't been addressed. Security researchers at Gibson Security have been ignored by Snapchat since August, so they decided to go for a full disclosure to warn users themselves.
"Given that it's been around four months since our last Snapchat release, we figured we'd do a refresher on the latest version, and see which of the released exploits have been fixed (full disclosure: none of them)," reads the notice. "Seeing that nothing had really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone's best interests for us to post a full disclosure of everything we've found in our past months of hacking the gibson."
Associating real phone numbers with Snapchat display names, user names, and account privacy settings is obviously a big threat. In an email to ZDNet, Gibson Security further highlighted that a coded script collecting user data could "automatically build profiles about users, which could be sold for a lot of money."
Snapchat is a popular service that allows users to exchange short video messages that are automatically deleted within ten seconds after they are opened. The exploit leaves this function unaffected, but may grant more access to senders' personal information when API script users implement the undocumented hooks.
According to the security firm, the hooks are not hard to remove from the API, and can be deleted with little to no effect on the rest of the API. Nonetheless, Snapchat has apparently ignored these warnings since August. If the previous notice failed to prompt a response, perhaps this full disclosure will spark some real action. Snapchat has yet to issue a statement in this regard, but we'll make sure to keep you up to date as soon as we hear more.