Snapchat has never given that particular illusion of privacy. As the most common and basic example, it has absolutely no way of stopping people from simply taking a screenshot of your image. Snapchat is meant to be used to share throwaway photos without the social expectation that comes from putting it on somewhere like Facebook. Anyone who uses the application learns quickly that someone can potentially store the photo they sent -- in a vast variety of ways.
Snapchat is not a replacement for trust.
Yes and no. The encryption key is fixed? Why not use a session key that is (nominally) ephemeral to the running snapchat process at least?
> if they can view it once
I have a camera and a phone. I can record anything displayed on my phone forever regardless of technology, and so can a three year old. Especially for "sensitive" snapchats, the "analog hole" (aka: a human has to be able to view it for it to be visual communication) renders all these ideas moot. It has absolutely nothing to do with "clever" drm-like hacks.
I never used the app though, and I just tried to go to their website to see how they communicate on this issue just to discover that snapchat.com doesn't contain a single description of the service. There's just a silly video on the frontpage (turtle fights? I'm not sure about the ethics of that) and links to download the app. It's crazy that something so new is already popular enough that they don't even need to explain what it is anymore.
That being said on both apple's and google's app stores the description of the app mentions that the user can make a screenshot and save the picture, so at least they don't try to hide this limitation.
PS: I'm not a SnapChat user, so I admit that I might also be overlooking some functionality of the app that necessitates the use of a local cache
I ended up following a link to another sec.se thread where the idea of secure program obfuscation was discussed.[0] I feel embarrassed for having missed this but it appears that there exists on a theoretical level a manner of solving snapchat's woes.
The wired article ([0][0]) seems to suggest that it would be impractical at the moment due to resource constraints, however I also haven't had a minute to read the paper ([0][1]) yet as it is quite near morning and I need to get to sleep.
On a related tangent, the thing that sprung to mind about this new technique in obfuscation was the potential for using keyed APIs easily from the browser without having to bother the primary site's servers at all. Clearly very far away from there however.
Also, wouldn't secure obfuscation enable a lot of malware to evade detection by most current av programs?
[0][0]http://www.wired.com/wiredscience/2014/02/cryptography-break... [0][1]http://eprint.iacr.org/2013/631.pdf
Snapchat made these security decisions long before anyone had any interest in "cracking" the app, and now I imagine they are looking for a way to get rid of this legacy code without breaking the millions of installed clients out there. It's an interesting problem and for now I'm having fun hacking on the API. If you're a Java person, check out my JavaSnap library which lets you send and receive Snaps.
I understand that you are never going to be able to stop the intended recipient keeping the image - that's trivial just with a screenshot, and anyone even capable / caring enough to run the linked code is going to defeat any further obfuscation you pile on.
What isn't clear to me from the link is: Is this same encryption the only protection applied to "snaps" that are in-flight? If I run my own wireless access point, can I use this code to decode all messages received by Snapchat users connected to my AP?
If you know the key, and because Snapchat will have to know where the files are, malware developers can write apps that scan the image directory, decrypt the files then send them to their own service.
Arguably, encrypting all snapchat traffic with the exact same key is almost worthless, and they could just send everything unencrypted. If a snooper knows they're looking at snapchat traffic, decrypting it is trivial.
At least with a key exchange, you have a good chance that only the targeted recipient can view the photo.
the usual piracy arguments are fine, and yes information that can be viewed by the intended recipient is necessarily crackable, but i think we owe it to our industry and community to not ignore the past X years of work in this field and implement embarrassingly naive amateur solutions. however it does require knowledge and effort to exploit this - particularly physical or close access to the device - imo no layers of security are not worth much once an attacker has physical access.
SnapChat is not alone - there are much, much worse offenders. That recent memory optimisation article about Firefox was imo considerably more shocking... browsers in general seem to be littered with amateurish crap. Even things like Office have some serious problems (why is this file locked? have you memory mapped it? do you need to actively stream my 1.2MB of excel file? really?) the Visual Studio devs have classically thrown away and rebuilt lots of good work over the last two iterations, whilst damaging the quality of the compiler - despite adding features. if valid code from popular libraries stops building between releases i wonder what regression tests are being done if any...
It's a little like the old (tv series) adage of don't discuss crime in a car -- it's easy to place a bug in a car, so assume that it's bugged, if you have reason to fear someone's bugging you. Even if you're using encrypted phone/voip-chat -- that won't help squat if there's a microphone in the vicinity that can pick up both ends of the conversation...
More work. Since the users don't care about this breach anyway (which is why it hasn't been solved yet), it's not worth the developers' time.
