Oh, Now I Feel Secure: Snapchat Person Verification Cracked in 30 Minutes

outThose of you that use Snapchat have probably noticed a new person verification feature that came out yesterday morning. In it you have to pick out a ghost from a series of 9 images. So it’s something easy for a human or human ghost to do but difficult for a robot or robot ghost. Or at least that’s how it’s supposed to work.

Steven Hickson saw an article about the new security system and decided to see what he could do to get around it. Because that’s the kind of thing that some people do for fun, get around security features.

First a little background. About a month ago, 4.6 million Snapchat users had their information compromised by a security hole. In an attempt to bump up security, Snapchat has implemented a new person verification method to ensure new accounts aren’t created by computers.

It took [Steven] only 30 minutes to write a program that uses simple thresholding, SURF keypoints and FLANN matching to find the ghost. In his tests, he’s found the ghost with 100% accuracy. He also muses that there is an even more efficient way to do it, he was just too lazy to do it.

I’m glad to see that people are still making things. Even if those things are evil.