Australian hackers say detailed coding shows how a vulnerability can be exploited to reveal phone numbers of users
Snapchat users’ phone numbers may be exposed to hackers due to an unresolved security vulnerability, according to a new report released by a group of Australian hackers.
Snapchat is a social media program that allows users to send pictures to each other that disappear within 10 seconds. Users can create profiles with detailed personal information and add friends that can view the photos a user shares.
But Gibson Security, a group of anonymous hackers from Australia, has published a new report with detailed coding that they say shows how a vulnerability can be exploited to reveal phone numbers of users, as well as their privacy settings.
“Snapchat has a feature where it will grab all the numbers from your address book, upload them to their server [which is pretty bad by itself] and suggests you friends,” a spokesman for Gibson Security told Guardian Australia.
“We discovered that if you were to go through and scan a single phone number through this find friends function you could essentially obtain the phone number of a Snapchat user.”
The group says they approached Snapchat almost four months ago to flag the vulnerability, but never received a response, so they decided to release the full details of their findings on Christmas Day.
“As our final goodbye to Snapchat [we're moving onto other projects now], we decided to release everything we have.” The guide published on Christmas Day, if accurate, outlines exactly how the loophole can be exploited by potential hackers.
The Gibson Security spokesman said Snapchat should disable the find friend function and “quickly limit the damage as much as possible”.
“To the best of my knowledge, Snapchat still hasn’t patched the find friends exploit,” he said.
Snapchat was released in September 2011 and quickly rose to prominence as a new social media tool. But some reports have emerged about weaknesses in the encryption of the services.
Other reports have indicated that Snapchat’s photos may only be hidden rather than deleted entirely, which led to the US-based Electronic Privacy Information Centre filing a complaint against the company with the Federal Trade Commission.
Comment has been sought from Snapchat but they have not yet responded.
guardian.co.uk © Guardian News and Media Limited 2010