Yep, Snapchat still sucks at security - new anti-spam measure cracked in less than 30 minutes

Image: Screenshot from TechCrunch

It’s been a bad few weeks for Snapchat after many people called into question how secure users were on the service – especially given how dismissive the company was of an exploit which led to 4.6 million usernames and phone numbers being leaked, and a sudden increase in spam.

However, the company has said it is now working on fixing its security problems. In the last 24 hours, it rolled out a new measure to ensure those signing up are humans and not computer bots.

Those who want to sign up to the service are required to choose the images – out of the nine presented – that feature the Snapchat “ghost” before registering. Choose correctly, and the app will let you in. Otherwise, you’ll be locked out.

There’s only one tiny little problem.

It’s been cracked – in less than 30 minutes.

Steven Hickson, a computer science graduate student from Georgia Tech University, wrote in a blog post that it was really easy to get around. Because the ghost has the same shape, regardless of the size and rotation, Hickson was able to write a program that could automatically find the ghost in the image.

“If it takes someone less than an hour to train a computer to break an example of your human verification system, you are doing something wrong,” Hickson wrote. “There are a ton of ways to do this using computer vision, all of them quick and effective. It’s a numbers game with computers and Snapchat’s verification system is losing.”

And if you want to see the code in action or have a tinker with it, Hickson has made it available online.

