Snapchat hack shows danger of viruses to security

October 16, 2013
Snapchat hack shows danger of viruses to security

When it was launched, Snapchat seemed to be a great idea: This was a form of social media that, like Facebook, Bebo and many others, could carry photos. However, instead of access to view images being fixed according to privacy settings, the site worked simply through the sender delivering a picture to the recipient that would only be visible for a few seconds.

After this, the picture would vanish, ensuring the image could not be re-used. It would mean people could, for example, send 'selfies' of a kind that might cause embarrassment were they to become public, without any risk that this would actually happen.

However, just such a possibility now faces many users and it could provide lessons for business security as well. A new app called Snaphack has been created, which enables the recipient to reopen the image without the sender knowing. Once in possession of it, such an image may be used maliciously.

Speaking to the BBC, Snaphack's creator, UK-based developer Darren Jones, was unrepentant. He said: "Snapchat has not been in touch and I imagine it's only a matter of time until they request that my app is removed. But my app just proves and informs people that these apps exist and people need to be careful."

He added: "For months people have been sending private images without knowing it has been possible to do this kind of thing with them with other apps. The ideal response from Snapchat will be to put a system in place to stop people being able to save images in this way or any other."

The use of the app is a breach of Snapchat's terms of use, but not the law – it can be bought from Apple – and the fact that anyone could deploy an app that circumvents the system and abuses the purpose of the site is of greater significance. After all, cyber criminals by definition are not people who play by the rules, so they will go a lot further in the deployment of data-breaching devices than Snaphack.

This raises questions over data storage that companies must ask themselves, if they are to keep their information secure. In the past, when paper records were kept, staying safe meant locking the filing cabinet, and eliminating sensitive information to prevent it falling into the wrong hands meant loading it into the shredder. Leaking this data could be achieved through photocopying and then either spiriting the duplicates out of the office in a briefcase or by faxing.

However, with electronic data the key is to ensure that it can either be destroyed entirely or stored in a way that is so secure no third party can access it. As Snaphack shows, software loaded onto a system that can track data may cause it to reach third parties. Spyware, trojans and key-loggers (which can track what is being typed) are examples of the viral threats out there. Some of these were contained in the Blackhole and Cool malware kits sold by a cyber criminal calling himself Paunch, who authorities in Russia reportedly believed they had arrested earlier this month.

The use of Snapchat has been associated with the rise of sexting, where individuals send others particularly intimate pictures for the purpose of furthering their aims to start a relationship. This carries the risk that, were such images to fall into the wrong hands, the individual who sent them could be the subject of blackmail or simply the malicious use of the pictures, not least if the person who obtains the images knows the sender.

For companies, the consequences could be even worse, with the theft of data meaning rivals could get an early warning of a company's plans, while blackmailing or the theft of account details could be used for ill-gotten financial gain.

The Snapchat issue is just one of many in which Britons could be falling short on data security.

Last month, research published by Sainsbury's Bank indicated that two billion pieces of digital content had been lost by Britons in the preceding 24 months, worth more than £1 billion. As well as losing things of personal value and favourite songs, it can also mean work data is also at risk of ending up in the wrong hands.