Snapchat plays down exploit code exposé but Gibson Security promises more proof

Snapchat has put a lid on the noise created by a report that Gibson Security released on Christmas Eve, which allegedly reveals potential exploits that would allow hackers to match usernames, display names, and other information to phone numbers. In the wrong hands, that data could be used by cybercriminals to stalk or harass Snapchat users, or be resold online for cash.

The hacking group, which describes itself on its website as "poor students, with no stable source of income," had warned of vulnerabilities in the Snapchat app as early as August. At that time, the app maker chose to ignore the warning.

According to the collective's report, assuming the app has eight million users, a setup that can crunch around 6,666 phone numbers per minute on a $10 cloud server can harvest all available phone numbers in just 26.6 hours.

"Evidently (fortunately?) this is not the case, however, it's sort of scary to think about, isn't it? Hopping through the particularly 'rich' area codes of America, potential malicious entities could create large databases of phone numbers, Snapchat accounts in minutes," it said in a statement. "In an entire month, you could crunch through as many as 292 million numbers with a single server."

Responding to the security group's latest jab at its API, Snapchat has finally come out to say it has enough defenses to protect its users from abuse.

"Our Find Friends feature allows users to upload their address book contacts to Snapchat so that we can display the accounts of Snapchatters who match the phone numbers found in the address book. Adding a phone number to your Snapchat account is optional, but it's helpful for allowing your friends to find you. We don't display the phone numbers to other users and we don't support the ability to look up phone numbers based on someone's username," Snapchat posted on its official blog.

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse," it emphasized.

Snapchat did not provide details on what countermeasures were imposed or how they work.

Gibson Security was clearly annoyed by Snapchat's rebuff. "Theoretical? I'll post some proof soon to counter that," it tweeted on Friday.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.