Snapchat and Facebook Poke vulnerability revealed, extracting media possible
Snapchat and Facebook Poke made promises of the ephemeral nature of sensitive data. Looks like the promises may have been just a touch premature.
Snapchat and Facebook Poke became an instant hit few days ago, promising secure messaging amongst users. When they say some things are too good to be true, some things really are too good to be true.
Both the apps promised Mission Impossible-like functionality, causing messages to disappear once they’d been read. If they weren’t read, then they would expire after a small period of time. However, a method was recently discovered that allowed the user to extract videos from Snapchat and Poke, as both the apps store a cached copy of the video on the device.
With regards to file destruction, Poke seems to fare slightly better than Snapchat. If the video has been viewed on Poke, the video is deleted, local copy included. Snapchat, however, retains the local copy even after viewing. So if someone has sent you a video through either of the apps, choose not to view it, plug the iPhone into your computer and use a file browsing tool like iFunbox to retrieve the media.
After the loophole was discovered, Facebook has stated that while Poke was never meant to be a “secure messaging app,” they will regardless look into the loophole and work on a patch. Snapchat on the other hand is yet to make a statement. Our recommendation is that you stop relying on either of the apps to trade confidential matter, or images/videos/messages that you do not want lasting longer than it takes to read them.
Source: PCMag