The revelation that usernames and phone numbers of some 4.6 million Snapchat users have been compromised marked a very bad start of the year for the company behind the popular photo messaging app, but it is not the end of their security woes.
On Wednesday, the company introduced a new way to verify if a user looking to register an account is human: he or she has to choose 4 pictures out of 9 that contain the “Snapchat ghost” (the app’s logo).
Less than 30 minutes later, Steven Hickson, a graduate student researcher at Georgia Tech, wrote a simple script that allows a computer to trick the system.
“This is an incredibly bad way to verify someone is a person because it is such an easy problem for a computer to solve. The problem with this is that the Snapchat ghost is very particular. You could even call it a template. For those of you familiar with template matching (what they are asking you to do to verify your humanity), it is one of the easier tasks in computer vision,” he wrote in a post, and explained how he went about it.
“There are a ton of ways to do this using computer vision, all of them quick and effective. It’s a numbers game with computers and Snapchat’s verification system is losing,” he added.
In the meantime, Graham Smith, a Texas high school student, has also revealed his tug of war with Snapchat, which followed his finding and reporting several security flaws to the company, as well as his own script for solving the “Snaptcha”.