Yep, Snapchat still sucks at security – new anti-spam measure cracked in less than 30 minutes

By on

Image: Screenshot from TechCrunch

Image: Screenshot from TechCrunch

It’s been a bad few weeks for Snapchat after many people called into questioned how secure users were on the service – especially given how dismissive they were to an exploit which lead to 4.6 million usernames and phone numbers leaked, and a sudden increase in spam.

However, the company has said they are now working on fixing its security problems. In the last 24 hours, the company rolled out a new measure to ensure those signing up are humans and not computer bots.

Those who want to sign up to the service are required to choose the images – out of the nine presented – that feature the Snapchat “ghost” before registering. Choose correctly, and the app will let you in. Otherwise, you’ll be locked out.

There’s only one tiny little problem.

It’s been cracked – in less than 30 minutes.

Steven Hickson, a computer science graduate student from Georgia Tech University, wrote in a blog post that it was really easy to get around. Because the ghost has the same shape, regardless of the size and rotation, Hickson was able to write a program that could automatically find the ghost in the image.

“If it takes someone less than an hour to train a computer to break an example of your human verification system, you are doing something wrong,” Hickson wrote. “There are a ton of ways to do this using computer vision, all of them quick and effective. It’s a numbers game with computers and Snapchat’s verification system is losing.”

And if you want to see the code in action or have a tinker with it, Hickson has made it available online.