Slashdot Mirror


More Details On The 3rd-Party Apps That Led to Snapchat Leaks

Yesterday we posted a link to Computerworld's reports that (unnamed) third-party apps were responsible for a massive leak of Snapchat images from the meant-to-be-secure service. An anonymous reader writes with some more details: Ars Technica identifies the culprit as SnapSaved, which was created to allow Snapchat users to access their sent and received images from a browser but which also secretly saved those images on a SnapSaved server hosted by HostGator. Security researcher Adam Caudill warned Snapchat about the vulnerability of their API back in 2012, and although the company has reworked their code multiple times as advised by other security researchers, Caudill concludes that the real culprit is the concept behind Snapchat itself. "Without controlling the endpoint devices themselves, Snapchat can't ensure that its users' photos will truly be deleted. And by offering that deletion as its central selling point, it's lured users into a false sense of privacy."

  1. Excuse me while.. by Anonymous Coward · · Score: 4, Insightful

    I don't feel sorry for those who thought this was seriously secure, and two, who the hell sends naked pictures of themselves and actually thinks other people won't see them? 1999 called and it wants its noobs back.

    1. Re:Excuse me while.. by Lehk228 · · Score: 3, Insightful

      if they are 15 and under they should not be taking nude photos at all!

      --
      Snowden and Manning are heroes.
    2. Re: Excuse me while.. by Anonymous Coward · · Score: 2, Insightful

      Even if you were to "..control the endpoint device..." in the sense I read (locked down hardware, software), what's to prevent someone from simply taking a picture of the image being displayed using an independent camera?

      The fact of the matter is, once data is shared in the analog, there's plenty of independent technologies that can capture a rendition of the data and there will be for the foreseeable future (quantum entanglement has come a long way but we're not sharing nudes using the principle, *yet*). They may not be perfect and may be lossy, but they're good enough to be damaging in this context.

    3. Re:Excuse me while.. by Kjella · · Score: 4, Insightful

      and two, who the hell sends naked pictures of themselves and actually thinks other people won't see them? 1999 called and it wants its noobs back.

      Teens who want to get laid. Like it or not, cell phones and social media have taken over a lot of the real-world interaction we used to have as teens. Mainly because I didn't have a cell phone until my late teens, much less a camera phone and nothing like social media. A lot of the flirting and teasing that used to happen in dark corners at parties is now happening through texting and sexting online. Not to mention the upkeep of an ongoing relationship, if you wanted to get more graphical than you'd say over a fixed phone line in the hallway you had to hook up in person. Today you're more expected to keep it up all the time, even if you're apart which means sending naughties on Snapchat and such. Yes, sometimes it backfires badly but people in love won't believe their love will stab them in the back. And while I'm pulling this statistic out of my ass, I think most personal photos most of the time aren't shared with anyone but the intended recipient and aren't abused. And I think that still holds true even though these 200k pics leaked.

      --
      Live today, because you never know what tomorrow brings
    4. Re:Excuse me while.. by drnb · · Score: 4, Insightful

      "I don't feel sorry for those who thought banks were seriously secure, and two [where's "one?"], who the hell sends dollars to banks and actually thinks other people won't steal them? 1999 called and it wants its noobs back."

      Banks are regulated by the government. Bank deposits are insured by the government. When banks get robbed depositors do not lose money. If you want to refer to "noobish" days when depositors were vulnerable you have to go back long long before 1999.

    5. Re:Excuse me while.. by Anonymous Coward · · Score: 1, Insightful

      if they are 15 and under they should not be taking nude photos at all!

      Don't forget to lobby for more abstinence-only sex education!

    6. Re:Excuse me while.. by wvmarle · · Score: 4, Insightful

      Agreed with the "should not" part.

      However "should not" and "not doing" are two different things - especially for exactly kids that age. It's the age of self-discovery, of rebellion, doing things they know they shouldn't do, without yet realising the consequences.

      In my time (I was that age in the late 1980s), taking nude pics of oneself and sending it to school friends was just not an option. That's probably the only reason it didn't happen back then, or any time before the early 2000s - the time web cams became ubiquitous, and instant digital shots could be made from the privacy of one's bedroom, with little to no chance of parents finding out. Nowadays of course web cams have been replaced by mobile phones, making it even easier.

      It is more reasonable to understand that there are always kids that actually do this, trying to stop them is futile. Instead teaching general computer security as part of modern day computer lessons would be the way to go. One major part should be to have all people understand that if you can see a picture, you can save that picture, period. No matter what the app proclaims. It may be hard, you may not be able to pull it off yourself, but it can be done, and as a result those pics and other data may end up where you don't want them to.

  2. Re:Nice article by wiredlogic · · Score: 4, Insightful

    A healthy percentage of those pictures are going to be of underage teens. They aren't going to be as readily distributed as the celeb leaks because of the real threat of jail time and a ruined life for anyone attempting it.

    --
    I am becoming gerund, destroyer of verbs.
  3. So wait-- where's the outrage? by Anonymous Coward · · Score: 3, Insightful

    Where are all the Lovejoy Law paternalists who normally go after tor and p2p services? Shouldn't they be going after Snapchat for the same reason?

  4. IDWISOTT by pushing-robot · · Score: 3, Insightful

    Ars Technica identifies the culprit as SnapSaved, which...secretly saved [users'] images on a SnapSaved server

    In related news: Mysterious Twitter-related injuries traced to users of popular addon service TweetAndWeHitYouWithASpanner.com

    (and why in god's name does a service like SnapChat have an API?)

    --
    How can I believe you when you tell me what I don't want to hear?