Security researchers at Gibson Security handed Snapchat what amounts to a lump of coal on Christmas morning by exposing a security flaw that, when exploited, would grant hackers access to users' phone numbers without their permission. It's essentially a how-to guide for hackers with detailed instructions, and Gibson Security made the information public because it claims Snapchat has known about the flaw for several months and has done nothing about it.
Gibson Security says it first made Snapchat aware of the issue in August, noting that none of the exploits revealed have been addressed in the past four months.
"Seeing that nothing had been really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone's best interests for us to post a full disclosure of everything we've found in our past months of hacking the gibson," Gibson Security wrote.
There's a bit of animosity in Gibson Security's blog post. At one point, the firm flat out accuses Snapchat of "lying to investors." The company's referring to the millions of dollars in funding Snapchat has received, as well as buyout offers rumored to be as high as $3 billion.
The bottom line for Snapchat users is that their phone numbers are at risk. It's also worth noting that the security hole is present in both iOS and Android versions of the photo and video sharing app. On the surface this may not seem like a big deal, but Gibson Security contends hackers can make a good deal of money by selling personal information on the underground market.