Snapchat has released its official response on the recent security exploits revealed by Gibson Security.
On Wednesday, a report came out that Snapchat has ignored the constant reminder of Gibson Security to fix the security exploits it discovered thus making the researchers publicize it.
“Given that it’s been around four months since our last Snapchat release, we figured we’d do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them),” the researchers told ZDNet. In a security report dated August, it said that a hacker could find the mobile number of an acquaintance using the app just by uploading contact numbers through Snapchat’s address-book-lookup tool. Through that exploit, hackers can stalk or harass users or worst sell the information to opportunists. Snapchat defended and denied accusations that its built-in friend finding feature could be utilized in discovering other user’s phone numbers. In its blog post, the company admitted that though its app’s Find Friends feature permit user’s to upload their address book contacts to Snapchat in able to match the phone numbers in its database of users, they don’t display the numbers to other users and support the ability to look up phone numbers based on usernames. The company also said that they have “recently added additional counter-measures and continue to make improvements to combat spam and abuse.” However, Snapchat expressed discontent with the way Gibson Security Firm has acted up on this issue saying, “We are grateful for the assistance of professionals who practice responsible disclosure and we’ve generally worked well with those who have contacted us.” This feature has been scrutinized over security concerns some time ago and is also been used by other messaging apps like Viber and WeChat. However, Snapchat, for now is standing its ground users don't need to worry about the exploits.
