Australian-based Gibson Security has published two previously undocumented Snapchat security exploits that affect both Android and iOS platforms. The group says their intentions aren’t malicious and found it in the best interest of everyone to fully disclose what they’ve uncovered over the past several months.
In an interview with Business Insider, the group said the hacks don’t allow someone to grab and view unopened Snaps. Instead, the exploits permit anyone to obtain the phone number of any Snapchat user without their permission.
Hackers could use the metadata along with other APIs to build massive profiles of Snapchat users and sell the data to the highest bigger for a lot of money. Given the app has an estimated eight million users, there’s certainly a lot of people at risk now. Other potential uses could be targeted scamming or worse, stalking.
Releasing an undocumented security exploit into the wild is typically frowned upon but for Gibson Security, it was the only option they felt might ultimately get Snapchat's attention and the bugs patched.
You see, the group claims they first reported the issues to Snapchat back in August. After four months, the disclosure still hadn’t been addressed in the latest version of the app which is how we arrived at the public disclosure now. The idea is that by publishing the exploit, it’ll force the company to address it now that everyone knows about it.
Any bets on how quickly it’ll be patched now?