In an effort to cut off spam accounts and keep hackers from stealing phone numbers, Snapchat has plugged a big vulnerability first outed by 16-year-old high school sophomore Graham Smith, adding an image-based check built around its ghost mascot. To prevent the creation of dummy accounts, Snapchat now requires users signing up to pick its new ghost mascot out of a series of images; the method is similar to the usual “captcha” security you see online, except that you prove you’re not a bot by choosing the correct image.
TechCrunch has an in-depth report on the whole saga, which eventually resulted in the creation of SnapchatDB, a database of 4.6 million usernames and mostly complete phone numbers. Smith has been able to find a number of exploits lying out in the open in Snapchat, some of which didn’t get addressed, despite Smith’s best efforts, until something actually happened (such as the aforementioned SnapchatDB).
While the image captcha method is more advanced than simply typing in a worded answer, TechCrunch says vision or object recognition algorithms are capable of beating Snapchat’s newest security measure. In addition to the new system, Snapchat has implemented server-side checks to ensure people using the service’s Find Friends feature are actual users with verified phone numbers. You sure you’re not a bot? Then you should have no problem finding the ghosts.