The Washington Post - Democracy Dies in Darkness

Snapchat has a new security feature. It was broken by a hacker in 30 minutes.


Snapchat's security problems are like a lingering cold — they just won't go away.

The company this week updated its app to make it harder for hackers to build automated account-creation systems that let them steal real users' phone numbers. The new measure relies on a graphical CAPTCHA that requires people to identify the company's logo against various backgrounds to make sure "you're not a robot."

But even this latest attempt to secure the app failed to stop a security researcher, Steven Hickson.

After learning of the new measure, Hickson said on his blog that he spent about half an hour writing a program that was capable of automatically detecting the company's ghost logo, just like a real human.

"The Snapchat ghost is very particular," he wrote. "With very little effort, my code was able to 'find the ghost' ... with 100% accuracy."

Hickson's method essentially involved sampling distinctive points on the icon of the Snapchat ghost and teaching the computer to recognize it.

Mary Ritti, a company spokeswoman, declined to comment specifically on Hickson's findings.

"We continue to make significant progress in our efforts to secure Snapchat," she said. "For security reasons, we cannot provide detailed information on security countermeasures."

Hickson told me he intends to keep probing Snapchat over the next several days "just so that corporations (and even politicians) realize that they need to consult experts and academia before they implement any sort of policies involving technology."