New Snapchat CAPTCHA system hacked in record time
Posted on 23 January 2014.
The revelation that usernames and phone numbers of some 4.6 million Snapchat users had been compromised marked a very bad start to the year for the company behind the popular photo messaging app, but it is not the end of its security woes.

On Wednesday, the company introduced a new way to verify whether a user looking to register an account is human: he or she has to choose 4 pictures out of 9 that contain the "Snapchat ghost" (the app's logo).

Less than 30 minutes later, Steven Hickson, a graduate student researcher at Georgia Tech, wrote a simple script that allows a computer to trick the system.

"This is an incredibly bad way to verify someone is a person because it is such an easy problem for a computer to solve. The problem with this is that the Snapchat ghost is very particular. You could even call it a template. For those of you familiar with template matching (what they are asking you to do to verify your humanity), it is one of the easier tasks in computer vision," he wrote in a post, and explained how he went about it.

"There are a ton of ways to do this using computer vision, all of them quick and effective. It's a numbers game with computers and Snapchat's verification system is losing," he added.

In the meantime, Graham Smith, a Texas high school student, has also revealed both his tug of war with Snapchat, after having found and reported several security flaws to the company, and his script for solving the "Snaptcha".

