Only hours after Snapchat announced its new verification system to prevent hackers from accessing account details and images, an American hacker has devised a code that bypasses it.
Much like the claim that the Titanic was unsinkable, Snapchat’s claim that its new image-verification system would put an end to a computer’s ability to bypass it has proven to be false.
Snapchat’s verification model was designed to be incapable of being read by computers, as it would require a person to identify the ghost from the Snapchat logo among a panel of nine images.
Easier than captcha
This is a variation on the captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) test, which is used by thousands of websites and requires people to enter a series of words or hard-to-distinguish letters to gain entry to that site.
Snapchat’s software, however, has proven to be a much simpler version to hack.
After only 30 minutes with the new encrypted software, computer engineer Steve Hickson was able to devise a code that would recognise the colour of the logo, discern it from the rest of the images, and then select these images.
In his blog post about the hack, Hickson wrote that the encryption software involved a very simple problem that computers can solve: “The problem with this is that the Snapchat ghost is very particular. You could even call it a template. For those of you familiar with template matching (what they are asking you to do to verify your humanity), it is one of the easier tasks in computer vision.”
Hickson added that Snapchat is potentially facing a losing battle in the fight to prevent hackers from accessing the app: “I’m just saying that if it takes someone less than an hour to train a computer to break an example of your human verification system, you are doing something wrong.
“There are a tonne of ways to do this using computer vision, all of them quick and effective. It’s a numbers game with computers and Snapchat’s verification system is losing.”
This graphic shows how computer engineer Steve Hickson’s software ‘finds the ghost’. Image via Steve Hickson