This year was filled with loads of scandals surrounding the providers of several online services. The one with the most media coverage was the one involving Apple's iCloud service - indecent photos of a series of celebrities were leaked online, turning into a huge scandal all around the world. There was another, smaller scandal that was almost unnoticed besides the big one - a series of Snapchat video messages of teens (sometimes in indecent postures) were leaked on the web. These scandals should be considered reminders that we are never safe online.

Being exposed like the Snapchat users mentioned above is relatively easy to avoid. According to a blog post published by the team behind the popular app, the attack that exposed the video messages that were supposed to be self-destructing after a set amount of time was not directed against the service itself, but a third party app using Snapchat's API. These apps require the users to willingly offer them their usernames and passwords to their accounts, in return for extra functionality or just an enhanced visual interface. This is one of the things that exposes users to attacks.


You see, a startup that offers a service to its customers is most of the times created with the ultimate goal to make money. The engineers behind such services will do their best to find and patch up every security hole possible - exposing their users' information to third parties, even by accident, can lead to them losing their credibility and their users' trust, invariably leading to their failure. They limit their apps' functionality for a reason - some features are often left out of the finished product because of their potential to become targets for attacks. Snapchat (to stick with the above example) offered its users the possibility to send short video messages to other users, messages that would self destruct after a set time. This made the service perfect for sending private messages (even indecent of their nature), as the service made sure to delete them without a trace. 

The third party Snapchat app that has become the subject of an attack was not created by Snapchat, just used its API to provide enhanced services to its users. It was not made by a team of professional software engineers and security experts, but it required users to provide their actual credentials to offer their services. Not having a well designed security system, the service was attacked, hacked, and a series of (mostly indecent) Snaps were leaked to the public. Trusting such services is often similar to betting your last dollar at the Major Tom online casino

0 comments Blogger 0 Facebook

Post a Comment

Please Don't Post Any Link in the Comment, Comment will be Removed

 
HowToZilla: How To Do Anything © 2015. All Rights Reserved.
Top