Friday, December 28, 2012

Uncovered: An easy way to save Poke and Snapchat data forever

Share anything online and there's always a risk of a privacy breach. If you love the disappearing messages on Snapchat and Poke, a new report issued on Friday may take you aback: there are ways to save the information forever.

The idea of both of these services is that you send a message, video or picture and after a set number of seconds (up to 10), the message vanishes. It's a good way to embarrass yourself or someone else, but only temporarily.

The problem is it is easy to work around -- relatively speaking.

As BuzzFeed found, an iPhone user -- and the vulnerability seems to only apply to iPhones -- can save a video as follows.  He simply has to tap the message to load it, but doesn't open it. He thens plug his device into a computer, navigates to the phone's internal storage using a file manager such as iFunBox, and finds the folders for Snapchat and Poke where the videos are stored locally.

For Snapchat, users navigate to the Snapchat folder, then go deeper, into the folder called "tmp." For Poke, videos are stored further down in the app's files, in library/caches/fbstore/mediacard. Copy the videos to your computer and viola.

Interestingly enough, and perhaps something that might push users to Poke, Snapchat's videos remain in their folder even after viewing; Poke videos appear to be deleted from their folder as soon as they're viewed.

For those engaged in sexting -- at least sexting photos, images don't appear to be showed in the device's internal storage. Possibly, it has something to do with either app's requirement to cache the larger sized videos.

The vulnerability doesn't appear to be in the Android Snapchat app; Poke is only an iOS app for now. The Android app did have a prior bug, in which it stored versions of unwatched videos in the Android Gallery, but that bug was fixed earlier this month.

When asked about the exploit, Snapchat cofounder Evan Spiegel said,
The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service. There will always be ways to reverse engineer technology products -- but that spoils the fun!
This doesn't seem like much of an exploit, though, since it iFunBox does not require jailbreaking.

Facebook, when asked, seemed a little more concerned about the Poke vulnerability. The company said:
Thanks for reaching out, and we are addressing this issue now. We should have a fix pushed shortly.

Keep in mind, not only does Snapchat have similar issues but also, similar to screenshots, for the time being cached video files can be captured while using Poke before the receiver views the file.
As you can see, Facebook took a poke (pun intended) at Snapchat.  We'll see if Snapchat fixes the problem, as well.



No comments: