Slashdot Mirror


Hacker Posts Snapchat Source Code To GitHub (thenextweb.com)

tacarat shares a report from The Next Web with the caption, "Oops": A GitHub user with the handle i5xx, believed to be from the village of Tando Bago in Pakistan's southeastern Sindh province, created a GitHub repository called Source-Snapchat. At the time of writing, the repo has been removed by GitHub following a DMCA request from Snap Inc, so we can't take a closer look and see what it contains. That said, there are a few clues to its contents. The repository has a description of "Source Code for SnapChat," and is written in Apple's Objective-C programming language. This strongly suggests that the repo contained part or whole of the company's iOS application, although there's no way we can know for certain. It could just as easily be a minor component to the service, or a separate project from the company.

The most fascinating part of this saga is that the leak doesn't appear to be malicious, but rather comes from a researcher who found something, but wasn't able to communicate his findings to the company. According to several posts on a Twitter account believed to belong to i5xx, the researcher tried to contact SnapChat, but was unsuccessful. "The problem we tried to communicate with you but did not succeed In that we decided [sic] Deploy source code," wrote i5xx. The account also threatened to re-upload the source code. "I will post it again until you reply :)," he said.
A Snap spokesperson said in a statement: "An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately. We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community."

According to Motherboard, some researchers appear to be trading the data privately.

49 comments

  1. forked by nimbius · · Score: 4, Interesting
    --
    Good people go to bed earlier.
    1. Re:forked by Anonymous Coward · · Score: 0

      So it's OK to have this if you're a "researcher"?

    2. Re:forked by ole_timer · · Score: 1

      security researchers get a free ride...unless they signed an nda...

      --
      nothing to see here - move along
    3. Re:forked by Anonymous Coward · · Score: 0

      This has been floating around for 3 months and they just noticed now?

    4. Re:forked by nadass · · Score: 1

      That was already forked from a repo last updated 3 months ago from https://github.com/4jy/Source-...

    5. Re:forked by Anonymous Coward · · Score: 0

      Just call them exploit salesmen, it's a better description for most of them.

      Bunch of black hats who pretend they are kosher because they only sell to Saudi Arabia but not Iran.

    6. Re:forked by Anonymous Coward · · Score: 1

      Hey, uh, Snapchat folks, if you're reading this, you might want to look up the Streisand Effect. I never would have come across your source code if you hadn't tried to hide it. See, that's not how the Internet works. Once it's out, it's out. Horse bolted, barn burnt to the ground, gone.

      There's no use latching the ashes together.

    7. Re: forked by Anonymous Coward · · Score: 0

      “Vulnerability pimps” they are called in these parts.

    8. Re:forked by johnsie · · Score: 1

      Not much source code in there. It's certainly not the code for the whole app.

    9. Re:forked by Anonymous Coward · · Score: 0

      Also here

      These silly companies that think they can put the genie back into the bottle. Once it's out, it's out. The DMCA ain't going to do shit.

    10. Re:forked by Anonymous Coward · · Score: 0

      Just gotta have a soundbite, placate people, shareholders, can't let them stocks dip.

  2. Seriously? by mattyj · · Score: 1

    How does an app update expose source code? I can't even think of a mechanism that could make that happen, unless your developers are purposely inept. More likely scenario is that someone inside shared the code with his buddies and it leaked out. Either way, still some serious problems with configuration control there.

    1. Re:Seriously? by Anonymous Coward · · Score: 0

      Someone likely accidentally added the source code to the target, which copies the uncompiled source files to the target bundle in a build phase.

    2. Re:Seriously? by pak9rabid · · Score: 1

      What a great code-review process they have...
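A release check for the build-phase mistake suggested in the first reply above, as an added example that is not part of the original thread: it scans a packaged IPA (a zip archive) for uncompiled source files inside the app bundle. The bundle layout, file names and extension list are constructed assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed list of uncompiled-source extensions that should never ship in a bundle.
SOURCE_EXTS = {".m", ".mm", ".h", ".c", ".cpp", ".swift"}


def leaked_sources(ipa_bytes):
    """Return sorted paths of source files inside Payload/<App>.app/ of an IPA."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = PurePosixPath(name).parts
            # Only inspect files under the app bundle, not archive metadata.
            if len(parts) < 3 or parts[0] != "Payload" or not parts[1].endswith(".app"):
                continue
            if name.endswith("/"):  # directory entry
                continue
            if PurePosixPath(name).suffix.lower() in SOURCE_EXTS:
                hits.append(name)
    return sorted(hits)


def build_sample_ipa(include_leak):
    """Construct a tiny in-memory IPA (hypothetical names) for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("iTunesMetadata.plist", b"<plist/>")
        z.writestr("Payload/Example.app/Example", b"\xcf\xfa\xed\xfe")  # Mach-O magic
        z.writestr("Payload/Example.app/Info.plist", b"<plist/>")
        if include_leak:
            # What a source file wrongly added to a copy phase would look like.
            z.writestr("Payload/Example.app/ExampleViewController.m", b"// source")
            z.writestr("Payload/Example.app/ExampleViewController.h", b"// header")
            z.writestr("Payload/Example.app/PlugIns/Share.appex/ShareHandler.swift", b"// source")
    return buf.getvalue()


if __name__ == "__main__":
    for label, leak in (("clean build", False), ("leaky build", True)):
        found = leaked_sources(build_sample_ipa(leak))
        print(label, "-> FAIL" if found else "-> OK", found)
```

Run as a CI step against the archive that will actually be submitted, and fail the release when the returned list is non-empty.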

  3. In Other Words... by DatbeDank · · Score: 0

    The pictures don't get deleted and are stored for permanent recall.

    Who else believes that the government is looking out for our best interests, all modern examples of communism aren't the right kind of communism, and social media does its best to weigh both liberal and conservative voices? /sarcasm

    1. Re:In Other Words... by ArchieBunker · · Score: 2

      This was proven years ago when a bunch of pictures were leaked from their servers.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:In Other Words... by Anonymous Coward · · Score: 0

      Who else believes that ... all modern examples of communism aren't the right kind of communism.

      You mean all modern examples of communism ARE the right kind? Hold on ... there's been an actual modern example of communism?!

    3. Re:In Other Words... by Anonymous Coward · · Score: 0

      Kibbutzim

    4. Re:In Other Words... by haruchai · · Score: 0

      Then he'll pardon himself and have a rally right then and there.

      Nobody can pardon Trump like I can. You think Obama could do this? Crooked Hillary.
      Nobody, believe me.

      --
      Pain is merely failure leaving the body
    5. Re:In Other Words... by johnsie · · Score: 1

      Hehe, you sound like that crazy NSA obsessed woman from orange is the new black. You need to take your meds.

    6. Re:In Other Words... by Anonymous Coward · · Score: 0

      At least dreams are still free.

  4. Couldn't contact Snapchat or... by Anonymous Coward · · Score: 0

    maybe they finally RTFM on hackerone.com/snapchat?

    Non-qualifying vulnerabilities and exclusions
    - Social engineering attempts on our staff including phishing emails
    - Attempts to access our offices or data centers

  5. good news, maybe? by Anonymous Coward · · Score: 1

    Does this mean Snapchat could become a usable protocol or possibly even a standard someday?

    1. Re: good news, maybe? by nazsco · · Score: 1

      hi middle aged millennial. the current young generation all use snapchat via unofficial clients already. just like you used Trillian in the 90s and couldn't believe middle-aged people at the time used both icq and msn official clients.

  6. Hasn't the fad passed? by Anonymous Coward · · Score: 0

    It must have been about a year since I last sent or received a snap chat.

    It must have been about 3 years since anyone was actually talking about the app.

    As far as I'm concerned it's dead. I never really got the point of it except for teenagers to share pictures of their genitals.

  7. "a small amount of our source code" by SlaveToTheGrind · · Score: 5, Insightful

    Yeah, if the world suddenly discovered there were only a few thousand LOCs behind my $16B market cap, I'd probably try to save face too.

    1. Re:"a small amount of our source code" by Wrath0fb0b · · Score: 1

      Pretty sure the iOS client application source is pretty small compared to the backend source.

      Not saying anything about market caps and justifications of course.

    2. Re:"a small amount of our source code" by Actually,+I+do+RTFA · · Score: 1

      The codebase of Snapchat may be worth a couple of million. 16 billion in value is mostly the millions of young people who spend their time on it.

      --
      Your ad here. Ask me how!
  8. And nothing of... by datavirtue · · Score: 2

    And nothing of value was gained or lost.

    --
    I object to power without constructive purpose. --Spock
  9. Seriously! by Anonymous Coward · · Score: 0

    It musta been h4xx0rz! wif de h4444xx!!!

    Because we can't have nice things.

  10. The same guy has uploaded Source-SCCamera ... by Anonymous Coward · · Score: 0

    and they didn't block it. Nor the various clones.

  11. No!!!! by Anonymous Coward · · Score: 0

    Please stop the infestation from spreading. This is the last thing we need!!!

  12. Just stop... by Anonymous Coward · · Score: 0

    Please stop spreading this terrible blight on humankind...

    Nuke it from orbit

  13. No way to tell by Anonymous Coward · · Score: 0

    the repo contained part or whole of the company's iOS application, although there's no way we can know for certain. It could just as easily be a minor component to the service, or a separate project from the company

    No way at all whether you could determine whether the source code did the same as the snapchat application.

    No way at all.

    Impossible

    (Although it could be a parallel development)

  14. innocent... lol by someone1234 · · Score: 2

    "The most fascinating part of this saga is that the leak doesn't appear to be malicious, "

    Yeah, he basically says this: pay up or i will publish your source code. Not malicious at all.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
  15. Oh god no by Anonymous Coward · · Score: 1

    Now people will be able to send photos to each other

  16. a few lines of code by Anonymous Coward · · Score: 0

    so it's what, like 50-100 lines of code, mostly calling open-source frameworks by someone else.

    There is little "new" or "exciting" in snapchat.

    Telemetry, ads , and data exfiltration.

    Like less than 1k lines of java.

    and this is a billion dollar company?

    1. Re:a few lines of code by zwarte+piet · · Score: 1

      Your point being....? Some people become millionaires by selling paperclips or bottled water or making movies about talking animals and Facebook is only a website. But I think you forget all the clever playthings they put in to make it attractive.

  17. lol by Jessica+Trent · · Score: 1

    Wow, that is very serious that posted the source code snapchat. I have a question, and can take this source code to do something like this? Or they get caught on the fact that they have no rights?

    1. Re:lol by zwarte+piet · · Score: 1

      Let's say that if you plan to come up with a snapchat clone based on their code the chances are slim of becoming rich with it.

  18. Maybe someone can fix it by Anonymous Coward · · Score: 0

    I'm """"forced"""" to use snapchat because I have some friends who only want to use it. Whenever I open the app, it slows down my entire phone. For the first ~30 seconds of the app being open, none of the UI is functional. The camera has visible lag and updates every ~3 seconds.

    It's by far the worst running app I've ever put on my phone, I wonder if they put a cryptocurrency miner in there to recoup the losses from their stupid snap goggles or whatever that was.

    1. Re:Maybe someone can fix it by Anonymous Coward · · Score: 0

      I'm """"forced"""" to use snapchat

      No, you are not "forced" to use snapchat. You choose to allow yourself to be pressured by so-called "friends" into using an application that you don't really want to use.

  19. Shocking by micahraleigh · · Score: 1

    Why wouldn't hackers respect the moral value of this high volume porn conduit ?

    How could such upstanding people, such as hackers, commit this impropriety to this wondrous app?

    Clearly we are not spending enough on education, redistribution schemes, and Keynesian dirt relocation ...