New Snapchat CAPTCHA system hacked in record time
Posted on 23 January 2014.
The revelation that usernames and phone numbers of some 4.6 million Snapchat users have been compromised marked a very bad start of the year for the company behind the popular photo messaging app, but it is not the end of their security woes.

On Wednesday, the company introduced a new way to verify if a user looking to register an account is human: he or she has to choose 4 pictures out of 9 that contain the "Snapchat ghost" (the app's logo).

Less than 30 minutes later, graduate student researcher at Georgia Tech Steven Hickson wrote a simple script that allows a computer to trick the system.


"This is an incredibly bad way to verify someone is a person because it is such an easy problem for a computer to solve. The problem with this is that the Snapchat ghost is very particular. You could even call it a template. For those of you familiar with template matching (what they are asking you to do to verify your humanity), it is one of the easier tasks in computer vision," he wrote in a post, and explained how he went about it.

"There are a ton of ways to do this using computer vision, all of them quick and effective. It's a numbers game with computers and Snapchat's verification system is losing," he added.

In the meantime, Graham Smith, a Texas high school student, has also revealed his tug of war with Snapchat after having found and reported to them several security flaws, and his script for solving the "Snaptcha".









Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //