Snapchat, the smartphone app widely regarded as being "sexting friendly", exposed users' email addresses from at least mid-December until the flaw was fixed on Thursday.
Many users of the service create usernames unrelated to their
identity but also use their personal email addresses when registering,
which put their anonymity in doubt while the flaw was active.
The revelation of users' email addresses being exposed comes as security experts have
figured out a way to capture videos sent via Snapchat and rival app Facebook Poke before they self-destruct.
Experts also warn that not many Snapchat users are aware that people can see who they have been chatting to on the service by typing a forward slash and their username after the snapchat.com URL in a web browser (i.e. snapchat.com/username).
Geoff Stearns, the creator of SWFObject, a popular open-source JavaScript file for embedding Adobe Flash content on web pages, discovered the email flaw and reported it to Snapchat on December 14.
After waiting more than two weeks for a response, he
posted about it to his 1893 Twitter followers on Thursday, along with a link to a web page
explaining how the flaw worked.
Josh Miller, who knows Snapchat chief executive Evan Spiegel, spotted the tweet and emailed Mr Spiegel about it. Shortly after, Mr Miller said the email flaw had been fixed after hearing back from Mr Spiegel.
To expose a user's email address on Snapchat all one needed
to do was type their username without a password into the app and
attempt to log in. Once this failed, a prompt would ask whether a
password reset was required. When pressed, the user's email address was
then displayed on the screen, allowing for a person with malicious
intent to discover their identity by typing it into a service such as
Google or Facebook.
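
The reset flow described above, reduced to a server-side sketch and added here as an illustration; it is not Snapchat's code, and the handler names, account store and reply strings are assumptions. The first handler echoes the registered address as the article describes, while the second gives one fixed reply for every username and passes the address only to the mail queue.

```python
# Added illustration: hypothetical reset handlers, not Snapchat's implementation.
import secrets

# Constructed sample account store (username -> registered email).
USERS = {"nightowl42": "jane.citizen@example.com"}

OUTBOX = []  # stands in for a mail queue: (recipient, reset_token) tuples

GENERIC_REPLY = "If that account exists, a reset link has been sent to its registered email."


def request_reset_leaky(username):
    """Flawed pattern: the reply shown to the requester contains the address on file."""
    email = USERS.get(username)
    if email is None:
        return "No such user."
    OUTBOX.append((email, secrets.token_urlsafe(32)))
    return f"A reset link has been sent to {email}."


def request_reset_hardened(username):
    """Corrected pattern: identical reply for any username; the address never leaves the server."""
    email = USERS.get(username)
    if email is not None:
        OUTBOX.append((email, secrets.token_urlsafe(32)))
    return GENERIC_REPLY


def reply_discloses(reply, username):
    """Regression check: does a reply contain the stored address for this username?"""
    email = USERS.get(username)
    return email is not None and email in reply
```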
Snapchat, Wickr and other apps such as Facebook's Poke have
become popular among teens who believe they are a "safe" way to send
explicit pictures of themselves to friends.
They believe these apps are safe because videos and texts sent via them are deleted after a short period of time determined by the sender.
But computer experts have already found ways to save Snapchat
and Poke content before it self-destructs, and there is nothing
stopping a person from taking a picture of their screen.
Comment about the email flaw is being sought from Snapchat.
smh.com.au 3 Jan 2013