Steven Hickson Interview

The tech wizard Steven Hickson has just hit the charts after claiming to be able to hack Snapchat’s security within 30 minutes. As intriguing as it sounds, the gentleman here promises to prove himself right. His blog contains an article that describes the procedure he adopted to do so.

Steven is currently pursuing his PhD at the Georgia Institute of Technology as a Graduate Research Assistant. He has previously worked with the NSA and has done some tremendous engineering in the past.

The man loves tinkering and building robots/devices, the Raspberry Pi, the Microsoft Kinect, rock climbing, martial arts, Settlers of Catan, Magic the Gathering, music, movies, and art. He maintains his own blog to talk about the various updates and the new things that he comes up with as a researcher.

Let us get to know him better:

SocialappsHQ- Steven, what made you think of hacking Snapchat in the first place?

Steven- I thought of it when I read the article about the CAPTCHA that morning. It just seemed really easy and I knew I could do it fairly fast.

SocialappsHQ- So, was it really that easy?

Steven- It was incredibly easy. It could have been assigned as an undergraduate project for a computer science student.

SocialappsHQ- What was your first reaction after you successfully hacked Snapchat?

Steven- I just posted it online and explained why it was bad. I didn’t expect it to take very long or be very difficult so I wasn’t surprised by the fact that it took ~30 minutes and less than 100 lines of code.

SocialappsHQ- Were you approached by the Snapchat authorities regarding the hacking?

Steven- I have not been approached by anyone from Snapchat and to my knowledge they still haven’t fixed this or started a bug bounty program like the ones Facebook and Google have.

SocialappsHQ- What happened next?

Steven- I tweeted the article to the author of the TechCrunch article and he updated his page. Since the news that Snapchat had a CAPTCHA hadn’t been picked up by most news organizations yet, the story blew up when people read about it. It ended up being posted by a ton of different tech websites.

SocialappsHQ- Why didn’t you actually hack Snapchat rather than publishing the loophole?

Steven- I didn’t want to break the law in any way. Also, I was only interested in showing how bad their implementation was as opposed to taking advantage of it. Someone out there is certainly using a similar method to do this though.

SocialappsHQ- Do you think this hack applies only to Snapchat, or to other apps as well?

Steven- I would bet there are other apps out there that are using improper CAPTCHA methods. Though each one might require a custom solution for a computer to solve them, I would bet there are others out there that might be as bad.

SocialappsHQ- Mobile app security is not a very well understood topic. Do you have suggestions on how Snapchat or other apps can be made more secure?

Steven- Snapchat and others need to consult with professionals and those in academia to make sure they are secure. It is also generally a good idea to use existing, open source solutions rather than make a custom one.

SocialappsHQ- Are there tools/scripts that you can suggest for checking on common security loopholes?

Steven- Unfortunately, there isn’t a lot out there that you can use unless you are making large security errors. This is because all apps are different. However, if you are practicing security through obscurity, you are probably doing something wrong.

SocialappsHQ- I see that you are doing a PhD at Georgia Tech. Can you tell us what you are working on?

Steven- I’m working on a couple things, foremost, 3D and 4D segmentation, object recognition, and scene understanding using the Microsoft Kinect. I’m also working on using machine learning to analyze brain waves with respect to images, music, and videos in hope we can use EEG headsets to recognize certain thought patterns.

SocialappsHQ- Just one last thing, do you think Snapchat is far more secure now or is it still prone to another attack?

Steven- I think Snapchat is probably almost as insecure as they were. It’s only a matter of time until they have another data breach unless they really amp up their security.