Snapchat's anti-bot system is beaten in under an hour

Snapchat now verifies new users aren’t robots by making them choose its ghost mascot within images. It’s an attempt to keep out hackers who could steal phone numbers by exploiting a leaked database of details on 4.6 million accounts. A 16-year-old hacker proved he could do just that by finding the number of Snapchat CTO Bobby Murphy, but now he says Snapchat has patched the holes he harnessed.

Apparently, Snapchat’s spot-the-ghost human verification tool isn’t all that clever — Steven Hickson has already written software that circumvents the anti-bot feature. His technique simply finds the best matches between Snapchat’s sample pictures and a reference image. It’s not flawless, but it’s still accurate — no mean feat for something that took less than an hour to program. Whether or not there will be a fix isn’t clear. At this stage, the company will only tell us that it’s making “significant progress” in locking down its chat service. While the statement hints that more security measures are on the way, it doesn’t guarantee that Snapchat will defeat Hickson’s code.

Read full article

Comments