Thursday, January 23, 2014

Snapchat ghost Captcha took less than 30 minutes to crack


Snapchat has been highly criticized for the way it has been dealing with the security issues some security researchers have reported - completely ignoring them at first, then publicly dismissing them as being "nothing serious" that no one would take advantage of, etc. But people did take advantage and leaked millions of user records online; and each "fix" they stubbornly implemented has been shown to still leave some doors open.

One of the last changes was adding a ghost captcha system to prevent automated creation of fake user accounts on a massive scale, where people need to prove they're human by selecting the images where the ghost logo is present. But just like we predicted... it didn't last long.


Usually, computers can't make any sense of what's in an image: it's just digital data. That's why you need to manually tag your photos, instead of being able to tell your computer to show you just the pictures you took on a mountain, or with your car in the frame, etc. But when it comes to finding a specific pattern in an image, well, that's a lot easier. Something proven by Steven Hickson, who created a small program that cracks Snapchat's ghost captcha in under 30 minutes and less than 100 lines of code.

This is particularly worrying because it shows that besides the "attitude" problem, Snapchat really doesn't have a clue about how to make things secure. And worst of all, while you might not give a damn about what Snapchat's security issues are, it makes us wonder just how many other startups or rising services might fall under the same category, unwittingly lacking the knowledge or the skills required to keep your/our data reasonably safe.
