View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 23, 2014

Coder defeats Snapchat security measure in 30 minutes

Snapchat's latest security measure, a 'find the ghost' captcha, was defeated in less than an hour by a coder.

By Cbr Rolling Blog

Yesterday I wrote an article about Snapchat’s latest security measure, the rather cute alternative captcha that asks users to identify the company’s ghost icon out of a series of cartoon images.

Well, apparently it took less than an hour for a coder to defeat the anti-bot system.

Snapchat Ghost

Steven Hickson, a computer science graduate student at Georgia Tech and former NSA employee, wrote a blog on his hacking plan. He claimed that it took around 30 minutes t write up some code that would allow a computer to get past the captcha.

Considering it only took him half an hour, it sounds awfully complex. I won’t even begin to start figuring out his moves, so here is an excerpt from his blog explaining his method:

"First, I extract the different images from the slide above, then I threshold them and the ghost template to find objects that are that color. Next, I extract feature points and descriptors from the test image and the template using SURF and match them using FLANN. I only use the "best" matches using a distance metric and then check all the matches for uniqueness to verify one feature in the template isn’t matching most of the test features. If the uniqueness is high enough and enough features are found, we call it a ghost."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Got that?

Apparently his software is not totally flawless, but it is still accurate enough for it to be a problem for Snapchat.

This isn’t the first time Snapchat has been caught out by external coders. Gibson Security warned the company of its vulnerabilities, insisting that the app could be exploited by hackers, just days before 4.6 million Snapchat accounts were accessed.

So although Snapchat thought it was being clever with a ‘find the ghost’ game, it was actually doing nothing to deter future hackers, as it is apparently way too easy to defeat. What their next security move will be is a mystery, but they should probably act fast to avoid another hacking.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.