Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Details On The 3rd-Party Apps That Led to Snapchat Leaks

Posted by timothy on from the you-didn't-really-think-they-were-secure-did-you dept.

Yesterday we posted a link to Computerworld's reports that (unnamed) third-party apps were responsible for a massive leak of Snapchat images from the meant-to-be-secure service. An anonymous reader writes with some more details: Ars Technica identifies the culprit as SnapSaved, which was created to allow Snapchat users to access their sent and received images from a browser but which also secretly saved those images on a SnapSaved server hosted by HostGator. Security researcher Adam Caudill warned Snapchat about the vulnerability of their API back in 2012, and although the company has reworked their code multiple times as advised by other security researchers, Caudill concludes that the real culprit is the concept behind Snapchat itself. "Without controlling the endpoint devices themselves, Snapchat can't ensure that its users' photos will truly be deleted. And by offering that deletion as its central selling point, it's lured users into a false sense of privacy."

6 of 101 comments (clear)

  1. Excuse me while.. by Anonymous Coward · · Score: 4, Insightful

    I don't feel sorry for those who thought this was seriously secure, and two, who the hell sends naked pictures of themselves and actually thinks other people won't see them? 1999 called and it wants it's noobs back.

    1. Re:Excuse me while.. by Kjella · · Score: 4, Insightful

      and two, who the hell sends naked pictures of themselves and actually thinks other people won't see them? 1999 called and it wants it's noobs back.

      Teens who want to get laid. Like it or not, cell phones and social media has taken over a lot of the real-world interaction we used to have as teens. Mainly because I didn't have a cell phone until my late teens, much less a camera phone and nothing like social media. A lot of the flirting and teasing that used to happen in dark corners at parties is now happening through texting and sexting online. Not to mention the upkeep of an ongoing relationship, if you wanted to get more graphical than you'd say over a fixed phone line in the hallway you had to hook up in person. Today you're more expected to keep it up all the time, even if you're apart which means sending naughties on Snapchat and such. Yes, sometimes it backfires badly but people in love won't believe their love will stab them in the back. And while I'm pulling this statistic out of my ass, I think most personal photos most of the time aren't shared with anyone but the intended recipient and aren't abused. And I think that still holds true even though these 200k pics leaked.

      --
      Live today, because you never know what tomorrow brings
    2. Re:Excuse me while.. by drnb · · Score: 4, Insightful

      "I don't feel sorry for those who thought banks were seriously secure, and two [where's "one?"], who the hell sends dollars to banks and actually thinks other people won't steal them? 1999 called and it wants it's noobs back."

      Banks are regulated by the government. Bank deposits are insured by the government. When banks get robbed depositors do not lose money. If you want to refer to "noobish" days when depositors were vulnerable you have to go back long long before 1999.

    3. Re:Excuse me while.. by wvmarle · · Score: 4, Insightful

      Agreed with the "should not" part.

      However "should not" and "not doing" are two different things - especially for exactly kids that age. It's the age of self-discovery, of rebellion, doing things they know they shouldn't do, without yet realising the consequences.

      In my time (I was that age in the late 1980s), taking nude pics of oneself and sending it to school friends was just not an option. That's probably the only reason it didn't happen back then, or any time before the early 2000s - the time web cams became ubiquitous, and instant digital shots could be made from the privacy of one's bedroom, with little to no chance of parents finding out. Nowadays of course web cams have been replaced by mobile phones, making it even easier.

      It is more reasonable to understand that there are always kids that actually do this, trying to stop them is futile. Instead teaching general computer security as part of modern day computer lessons would be the way to go. One major part should be to have all people understand that if you can see a picture, you can save that picture, period. No matter what the app proclaims. It may be hard, you may not be able to pull it off yourself, but it can be done, and as a result those pics and other data may end up where you don't want them to.

  2. Re:Nice article by wiredlogic · · Score: 4, Insightful

    A healthy percentage of those pictures are going to be of underage teens. They aren't going to be as readily distributed as the celeb leaks because of the real threat of jail time and a ruined life for anyone attempting it.

    --
    I am becoming gerund, destroyer of verbs.
  3. Re:Nice article by CaptainDork · · Score: 4, Informative

    Good question:

    "Though their laws were created to protect minors from exploitation caused by others, states are prosecuting minors under child pornography statutes for sending nude or otherwise lurid self-portraits, even when the minors sent the selfies without coercion. The common quirk in the laws is that there is no exception for taking or distributing sexually explicit pictures of oneself. Thus, a high school student sending a racy seflie to a boyfriend or girlfriend could subject both themselves and the receiver to prosecution for child pornography. If the picture makes its way around other social circles through online or direct sharing, anyone who received or distributed the photo could also find themselves open to charges."

    --
    It little behooves the best of us to comment on the rest of us.