Snapchat Security Disclosure
December 28, 2013
Given the latest update to the GibSec Snapchat API:
Using our Snapchat API implementation, someone could save media sent to them, DoS Snapchat users, and as we recently found, build a database of Snapchat usernames and phone numbers, connecting names to aliases easily, and with further work connecting social media accounts to entries.
We also found that if someone was able to gain access to Snapchat’s servers, they could easily view, modify or replace snaps sent. With a couple of lines of Python, someone could view all your unread messages, and depending on the situation, modify and even replace the images completely.
Firstly, it makes me glad I never downloaded the Snapchat app. And secondly, I’m thinking there’s probably a really cool project using this with OpenCV and scikit-learn (two libraries I’ve always wanted to play around with) if I have the time (read: I probably won’t). It’d be nothing malicious, just classifying the pictures as cat or non-cat.
Betting Snapchat will soon be regretting not taking Facebook’s $3 billion.