X

Snapchat's new verification already hacked

Security researcher shows that the service's new "find the ghost" system to prove that you're a human and not a bot can be easily tricked.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
See full bio
Seth Rosenblatt
Steve Hickson's graphic shows points on a Snapchat ghost extracted from its image recognition system that his script matched against a Snapchat ghost template he created. Steve Hickson

In about the time it takes to order of one of those vile pizza replicas from Domino's, one security researcher has proven how Snapchat's new verification system can be hacked.

Steve Hickson used his knowledge of how computers recognize images and template matching to show how a computer could fool Snapchat's new Captcha-style image verification that debuted on Wednesday.

"I spent around 30 minutes writing up some code" to perform the automated recognition and selection task, Hickson said. "With very little effort, my code was able to 'find the ghost' in the above example with 100 percent accuracy."

He explained that after "thresholding" them, which separates an image into color segments, he created feature points on the original ghost template and had his script look for matches in the extracted images.

"If the uniqueness is high enough and enough features are found, we call it a ghost," he said.

Snapchat did not immediately return a request for comment. CNET will update the story when we hear back from them.

When it comes to security, Snapchat has had a rough time of late. The company's user database was hacked, exposing the usernames and phone numbers of 4.6 million users, and a 16-year-old texted Snapchat Chief Technology Officer Bobby Murphy's phone to prove that the system was still insecure.