updated 06:36 am EST, Thu January 23, 2014
Snapchat Captcha defeated by 100 lines of code created in 30 minutes
A coder has claimed to have bypassed Snapchat's verification system, within a day of its launch. The verification system, which attempts to prevent spammers from quickly creating accounts via a Captcha-style method, was circumvented by less than 100 lines of code and approximately 30 minutes of work, strongly suggesting that the system is not fit for purpose.
Snapchat's authentication system asks new users to select a number of images from a collection of nine, but only the images containing the Snapchat ghost. Upon seeing reports from CNET about the new system, Steve Hickson created a program that automated the recognition of the ghost template. Though Hickson admits the system is not perfect, he writes "if it takes someone less than an hour to train a computer to break an example of your human verification system, you are doing something wrong."
Output from Steve Hickson's Snapchat Captcha code
The security of its users is an ongoing issue for Snapchat, with approximately 4.6 million usernames and numbers being leaked from the service through an API vulnerability earlier this month. The company apologized, updating the app allowing users to opt out of linking their phone number to their username, and pledging to try and prevent similar security lapses in the future.