
Want to use Snapchat? You’ll need to pass this security test first


In order to prove you’re a human, Snapchat will now make new users find ghosts in pictures.

The last few weeks have been tough for Snapchat. The company was hacked, with 4.6 million users exposed, and had to issue a big fix quickly. It then experienced a major uptick in spam. So now the company has implemented a CAPTCHA game called “find the ghost” in order to mitigate some of these security issues.

The hope is that the “find the ghost” game will stop hackers from using automated bots to create tons of new user accounts, both to send spam and to use the Find Friends API, but that’s obviously not Snapchat’s only problem.

Snapchat provides you with nine colorful square images. You have to select all the images that have a ghost in them. It’s simple, and I hope all you humans out there will be able to handle it.

TechCrunch’s Josh Constine calls it “Snapcha,” which I think is an excellent name for it.

Over the holiday season, an Australian security research firm published details about a hole in Snapchat’s “Find Friends API.” Hackers then published 4.6 million usernames and semi-censored phone numbers to a database called SnapchatDB.

Afterward, Snapchat issued a new rule. It dictates that people must verify their phone number in order to use the “Find Friends” feature at all. This feature looks up an account by its associated phone number. Snapchat has also limited how many times an account can use the Find Friends API in a certain period.

Soon thereafter the spam became a problem and was noteworthy enough that Snapchat issued an apology. Of course, the company attributed the spam to its rapid growth — it definitely didn’t have anything to do with the 4.6 million phone numbers that were stolen.

The most recent issue came when a young hacker by the name of Graham Smith built a program that identified phone numbers associated with Snapchat accounts, according to TechCrunch. Through this, he found Snapchat chief technology officer Bobby Murphy’s phone number.

Smith also identified a number of other security issues. He figured out that though your account might be limited to one Find Friends API call within a certain time frame, you could always make another account. He also found that though you must verify your phone number in order to use Find Friends, Snapchat doesn’t verify your number server-side before letting you use Find Friends.
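The two gaps described above, a verification step that is not enforced on the server and a call limit that resets with every new account, can be shown in a short added example. It is not Snapchat’s code and not from the original article; the `Account` and `FindFriendsGate` names, the sample phone numbers, and the choice to key the limit on the verified phone number are assumptions made for illustration.

```python
from __future__ import annotations
import time
from dataclasses import dataclass


@dataclass
class Account:  # hypothetical server-side account record
    account_id: str
    phone: str | None = None
    phone_verified: bool = False  # set only by the server after an SMS code check


class FindFriendsGate:
    """Policy check the server runs before any phone-number lookup."""

    def __init__(self, max_calls: int, window_s: float, clock=time.monotonic):
        self.max_calls, self.window_s, self.clock = max_calls, window_s, clock
        self._calls: dict[str, list[float]] = {}  # verified phone -> call times

    def check(self, account: Account, client_claims_verified: bool = False):
        # The client's own claim is deliberately ignored: only state the
        # server recorded itself decides whether the lookup may proceed.
        if not (account.phone and account.phone_verified):
            return False, "phone_not_verified"
        now = self.clock()
        # Assumption: the budget is keyed on the verified number, not the
        # account id, so a second account on that number shares the budget.
        recent = [t for t in self._calls.get(account.phone, [])
                  if now - t < self.window_s]
        allowed = len(recent) < self.max_calls
        if allowed:
            recent.append(now)
        self._calls[account.phone] = recent
        return allowed, "ok" if allowed else "rate_limited"


def demo():
    """Constructed sample accounts and a fake clock; returns each decision."""
    t = [0.0]
    gate = FindFriendsGate(max_calls=1, window_s=60, clock=lambda: t[0])
    first = Account("acct-1", "+15555550100", True)
    second = Account("acct-2", "+15555550100", True)   # new account, same number
    unverified = Account("acct-3", "+15555550101", False)
    out = [gate.check(first), gate.check(second),
           gate.check(unverified, client_claims_verified=True)]
    t[0] = 61.0  # window has passed, budget is available again
    out.append(gate.check(second))
    return out
```

With the limit keyed this way, a fresh lookup budget costs a fresh verifiable phone number rather than a fresh signup.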

After not getting a response, Smith finally texted Murphy, who said he’d look into the issue.

The company is going to need to do more than block out spam with a classic CAPTCHA, especially if it’s going to tout itself as a private place to share self-destructing photos.

 
