The more I write about Snapchat, the less secure it seems to me. Yesterday Snapchat released a new verification system to enhance the security of the app by verifying that you’re a real person. Here are the details from news.com:
After registering with an e-mail address, password, and birth date, you’re presented with a set of nine tiles, some with Snapchat’s familiar ghost mascot and some without.
Your challenge is to tap on the images with the ghosts. Do it successfully, and you gain entry. Otherwise, Snapchat denies your request and prompts you to keep trying.
It sounds great. Except for the fact that in less than 24 hours, it’s been compromised:
Steve Hickson used his knowledge of how computers recognize images and template matching to show how a computer could foolSnapchat’s new Captcha-style image verification that debuted on Wednesday.
“I spent around 30 minutes writing up some code” to perform the automated recognition and selection task, Hickson said. “With very little effort, my code was able to ‘find the ghost’ in the above example with 100 percent accuracy.”
He explained that after “thresholding” them, which separates an image into color segments, he created feature points on the original ghost template and had his script look for matches in the extracted images.
“If the uniqueness is high enough and enough features are found, we call it a ghost,” he said.
Well, that’s just great. Snapchat hasn’t said anything about this, but you can expect that they’re looking at ways to contain the damage from this latest blow to the security of their application.
Related
This entry was posted on January 23, 2014 at 8:38 am and is filed under Commentary with tags Snapchat. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Snapchat Rolls Out New Security….. It Gets Comprimised In Less Than 24 Hours
The more I write about Snapchat, the less secure it seems to me. Yesterday Snapchat released a new verification system to enhance the security of the app by verifying that you’re a real person. Here are the details from news.com:
After registering with an e-mail address, password, and birth date, you’re presented with a set of nine tiles, some with Snapchat’s familiar ghost mascot and some without.
Your challenge is to tap on the images with the ghosts. Do it successfully, and you gain entry. Otherwise, Snapchat denies your request and prompts you to keep trying.
It sounds great. Except for the fact that in less than 24 hours, it’s been compromised:
Steve Hickson used his knowledge of how computers recognize images and template matching to show how a computer could foolSnapchat’s new Captcha-style image verification that debuted on Wednesday.
“I spent around 30 minutes writing up some code” to perform the automated recognition and selection task, Hickson said. “With very little effort, my code was able to ‘find the ghost’ in the above example with 100 percent accuracy.”
He explained that after “thresholding” them, which separates an image into color segments, he created feature points on the original ghost template and had his script look for matches in the extracted images.
“If the uniqueness is high enough and enough features are found, we call it a ghost,” he said.
Well, that’s just great. Snapchat hasn’t said anything about this, but you can expect that they’re looking at ways to contain the damage from this latest blow to the security of their application.
Share this:
Like this:
Related
This entry was posted on January 23, 2014 at 8:38 am and is filed under Commentary with tags Snapchat. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.