Cyber Crime Final Project

tiredofschool
SnapChatFinalProjectExampleDeliverable.doc
Home>Computer Science homework help>Cyber Crime Final Project

Erasing Snaps

Details

Snapchat is a photo and video sharing mobile application, which is available in both the Android and the Apple digital store. The application allows users to take an image or video, select a length of time (from 1 to 10 seconds) for viewing, and send it to another mobile device that has the application. The receiving end is only allowed to view the image or video for the allotted time. Snapchat claims that the image/video is then automatically deleted once the image has been viewed or expires. On their website, Snapchat claims that “Delete is our default. That means that most messages sent through our Services will be automatically deleted once they have been viewed or have expired [1].” Although Snapchat claims that the file has been deleted, we have found that snaps remain on the device after expiring. We have also found that it is possible for an end user to recover snaps with no specialized knowledge.

Objective

In this project, we set out to prove that snaps remain readily accessible on the device and present an app to purge snaps from an Android device. We do not intend to erase any artifacts

left behind, such as deleted files that can be retrieved using forensic software. We only want to delete the currently cached files that can eventually be decrypted and viewed without permission.

Work Performed

Recovering Deleted Snaps

image1.jpg

We found that Snapchat does not delete snaps after they have expired. Instead it renames the file with a “.nomedia” extension and encrypts them using a currently­unknown key. This section details our findings and the steps we took.

First, we created an account on Snapchat and created several photo and video snaps. We used Android phones running Android 4.x. We used an app called AndroZip file manager [5] to browse the file system of the phone and locate the Snapchat files. Unlike most methods of finding such data using only the phone, AndroZip file

manager does not require that the phone be rooted. This is in line with our goals of proving that Snapchat data is readily locatable and recoverable. We also connected the phones to computers to recheck the existence of the files.

We found that after there are no unviewed snaps in the cache, Snapchat will evict everything in the cache; they are not saved forever. Historically, snaps were unencrypted, meaning that once you pulled them off the phone, they were readily viewable. Snapchat eventually started using an AES key to encrypt snaps but that key was discovered and made public[6]. The key was hard­coded in the application and was searchable. We then found to our dismay that Snapchat had instituted a new double encryption scheme. As of now the key is unknown, meaning that even if snaps were retrieved they are now unreadable without sophisticated decryption technologies only available to agencies like the NSA or hackers willing to spend the money to accomplish the same thing; even in this case it would likely take time.

We can conclude that for a long time the security of snaps was significantly less than advertised. Only recently has there been any sort of strong encryption measure employed, meaning that snaps saved by an old version of Snapchat were readily viewable by anyone who cared to view them. The significance of this finding is further amplified by the fact that not all Android operating systems support the latest version of every application, and not every phone supports the latest Android operating system. This means that there are users who are technologically constrained from using the latest version of Snapchat and are carrying around unsecured snaps in their phone which they believe to have been deleted.

SnapEraser App

In this section we explain the SnapEraser application, an application we created, and demonstrate its use. While snaps are currently securely encrypted, it is always possible that the key may be made publically available rendering the encryption moot. Additionally, many phones

may contain old snaps using weaker or no encryption that should be purged as soon as possible. To that end we developed SnapEraser.

image2.jpg

Before explaining the functionality of SnapEraser, it is necessary to give some background regarding Android applications. By default an Android application is not run as root. Obtaining the root account is referred to as “rooting” a phone. When a phone is not rooted, an application cannot see any other applications’ cached data. It can however instruct the operating system to clear all cached data irrespective of what application it belongs to.

Additionally, cached data cannot be deleted while the owner application is running.

SnapEraser first shuts down Snapchat and checks to see if the phone is rooted. If it is, SnapEraser can clear Snapchat’s cache individually. Otherwise, SnapEraser is forced to empty the phone’s entire cache which could potentially cause problems if there was cached data the user wanted to keep. SnapEraser can also provide a count of how many files are in the Snapchat cache if the user is root.

Outcomes

We were able to prove that Snapchat does not delete images and videos from the receiving phone, rather it simply renames them with an extension of “.nomedia.” The latest

version of Snapchat securely encrypts cached snaps, but prior versions used either a weak encryption with a publically available key or no encryption at all. It is important to reiterate that many phones could be prevented from using the latest version of Snapchat because of operating system version constraints.

As previously noted, we developed an app called SnapEraser to manually purge snaps from an Android phone. The app is able to purge said snaps whether the phone is rooted or not, but does a more focused job if root is available.

Conclusion

There are two directions that we intend to explore for future work. First, we intend to port SnapEraser to the IPhone. Second, we intend to do an analysis of proxy server programs to determine how many snaps might still reside in proxy servers or other such intermediate points between the sender and recipient. We hope that this paper dispels some of the marketing myths surrounding Snapchat and better informs users that might feel the need to send sensitive images or videos over the Snapchat network.

References

[1] www.snapchat.com/privacy

[2] www.usatoday.com/story/tech/2015/01/24/snapchatteens/22210881

[3] fatherhood.about.com/od/fatherssocialmedia/p/Snapchat.htm

[4] www.parentdish.co.uk/kids/snapchatshouldparentsworrychildrenphotosandbullying

[5] play.google.com/store/apps/details?id=com.agilesoftresource&hl=en

[6] security.stackexchange.com/questions/52584/why­can­we­still­crack­snapchat­photos­in­12­lines­of­ruby * snaps refers to any photo/video sent through the Snapchat application