Snapchat photos being released by the gig

[thewayne]

Snapchat is a picture message service with a difference: once viewed, the message is deleted, never to be seen again. Great for teens to sext each other, right? Wrong. Someone wanted persistence and set up a server to archive these pix. And that server got compromised. So now there are a huge number of what amounts to kiddie porn floating around the interwebs since the biggest demographic of Snapchat users are from the ages of 13 and 17.

Google Translation of original German site:
http://translate.google.com/translate?hl=en&sl=de&tl=en&u=http%3A%2F%2Fwww.heise.de%2Fsecurity%2F

You might have to dig down for the link to The Snappening, the Google URL seems to be linking to the top of the site.

Comments

[silveradept]

Was it someone associated with Snapchat who did the archive server? Or did the government get sloppy?

[thewayne.livejournal.com]

Apparently there are some add-ins that you can install in your phone aside from the Snapchat app and those are what caused the vulnerability.

[silveradept]

...because someone will naturally want to archive those things that should be one-time only, like sexting pictures. What I want to know is why they didn't develop it to create a local archive instead of a webserver.

[thewayne.livejournal.com]

A local archive would have the same vulnerability, especially with Android phones, and it's pretty much guaranteed that teens would want to keep what's probably soft porn when they could, negating the purpose of Snapchat. There's a lot of malware in that market, and that's one of the main reasons that I'm on my second iPhone (my 6 came in last Friday).

[silveradept]

Unsurprising - now, was it that anyone who used Snapchat could have been caught by this, or only people with archiving apps installed?

[thewayne.livejournal.com]

From what I have read, the issue was with a service called SnapSaved. They reverse engineered Snapchat's API, found some vulnerabilities, and it allowed them to archive what were supposed to be ephemeral pix and vids. So there's two problems here: Snapchat wrote a buggy API (for which they have been criticized) and some users wanted permanence, thus creating a demand for SnapSaved and negating the purpose of Snapchat. I get the impression that were one party to send an image to another and the second party is using SnapSaved, the first party might never know.

I came across this today which talks about some of what's going on:
http://www.wired.com/2014/10/the-snappening-is-not-your-fault/

[silveradept]

Lovely - a lack of sufficient security on one end leaves to the ability to satisfy the demand for permanence, which is then distributed widely because of a lack of sufficient security. Not quite For Want Of A Nail, but it seems close.