Snapchat introduces a curious anti-spam security measure

After its latest security and privacy issues, the ephemeral messaging application of Snapchat seems to be doing homework. Thus, it has introduced new security barriers to prevent spam or abusive messages through of your service. A curious method to prevent bots or robots created to send messages indiscriminately from accessing the application, creating chaos and increasing user discontent.

SnapchatSecurity issues date back to last year, when some security experts already discovered backdoors with which to gain access to user information. But it was not until last January 1 when things got serious. And it is that a attack exposed the information of around 4.6 million users Not the contents shared through the application, but theiruser name and telephone number After a few days without an official statement and, most criticized, without a real apology on his part, Snapchat began to take security measures.

The most notable, or most showy, is the one recently discovered by the specialized media TechCrunch It is a small visual proof that prevents robots (programs that work automatically) from creating a user account and bothering the rest with advertising or invasive messages The test consists of discerning, among nine images, which ones feature the characteristic Snapchat ghost or mascot This challenge arises whencreate a new account, and requires the new user to select the images in which this figure appears, there being a small variety with colors, shapes, and different characters. Something that may seem trivial to a person, but that is capable of stopping computer programs that are not created to detect these shapes and colors. And it is that before it was enough to only enter a username and a password.

This is not a completely new security measure, it is a variation of the known ones captcha A test in which the user must enter a word represented by distorted charactersThus, it is possible to distinguish between a person and a machine by making it impossible for the latter to recognize deformed characters. However, it is not an infallible test. Not at least in the case of Snapchat And it is that according to the medium TechCrunch, there would already be who would be working on a bypass to skip this test focusing on the fact that the shape of the ghost is always the sameWhich would allow the creation of a program that detects said contour in the different images.

For now, Snapchat has confirmed that this is a temporary security barrier to avoid spam, but they continue to work to improve their application. And it is that, together with this new system, limited the number of users has also been limited to avoid the aforementioned bots, in addition to offering the option to unlink the user account from their phone number to prevent it from being stolen in possible new attacks.

Update:

As commented in the media TechCrunch, we have been able to confirm that there is a bypass that allows you to bypass this new security barrier of Snapchat It is a program created in less than an hour that would allow the recognition of the images in which the charismatic ghost appears in order to access the creation of a user account. This would destroy this security measure that aims to distinguish between distinguish between machines and humans to avoid programs that are dedicated to sending abusive messages through this application . Of course, its own creator affirms that it is not an infallible program Of course it has barely cost him an hourhour of work and 100 lines of code to overcome a security barrier.

The key to all this is in the representation of the ghostBecause, by using the same shape in all the images, it is possible to use a code that measures its characteristic shapes to create a proportional map and compare it image by image . With this it is possible to recognize in which of the images is present and thus be able to pass this visual test Once again, a negative point for Snapchat that can't seem to finish solving its security issues. We will have to wait to see if the company reacts to this new call for attention.