Snapchat pawned in 30 Minutes : CAPTCHA Cracking Tool Published


Snapchat's new Security feature Hacked in 30 Minutes; CAPTCHA Cracking tool published

Snapchat suffered a massive data breach back in December in which 4.6 million usernames and phone numbers were compromised.

Earlier this month, the company launched an update to its iOS and Android apps, added a new security measure to ensure that new users aren’t spambots or a robot. While signing up for the first time, it now displays nine images and then ask you to pick which images have a “ghost”.

Within 24 hours of Snapchat releasing an improved security feature, a developer has written a computer program capable of cracking it.

Another hacker, ‘Steven Hickson‘ took only 30 minutes to write a script that can crack this new security feature. In this CAPTCHA feature, basically have you choose from amongst a bunch of images, identifying the ones that have the Snapchat ghost to prove you are a person.
The problem with this is that the Snapchat ghost is very particular. You could even call it a template. For those of you familiar with template matching (what they are asking you to do to verify your humanity), it is one of the easier tasks in computer vision.”
He wrote a script that can map out the exact shape of the Snapchat by matching it with the templates. Basically, he took an image of Snapchat’s logo, then built a program that can identify certain points on the logo and match them to the images in the test.
He was able to effectively bypass Snapchat’s test with 100 percent accuracy. “There is a ton of ways to do this using computer vision, all of them quick and effective. It’s a numbers game with computers and Snapchat’s verification system is losing.

He has also published the source code of cracker on the GitHub.

Source : The Hacker News