Snapchat and Facebook Poke 'security hole' allows recipients to keep videos

But it was supposed to disappear after 10 seconds...

Snapchat and Facebook Poke  security hole  allows recipients to keep videos

Those folks (not us, honestly) sending risque videos through the Facebook Poke and Snapchat apps can be comfortable in the knowledge that anything they send self destructs 10 seconds after it is viewed.

Or can they?

Buzzfeed has uncovered a quite simple method for recipients of naughty messages to keep ahold of those potentially compromising clips to view and share with others as many times as they see fit.

The key, according to the blog, is not to open the video once it is received. Because the file is stored locally, it can be easily accessed by plugging the iPhone into a computer and using file browsing software like iFunBox to examine the contents of the phone.

No warning

At this point Snapchat users can locate the file by navigating to the Snapchat folder and finding the "tmp" file.

Facebook Poke users can browser to library/caches/fbstore/mediacard to find the videos, and from there they can be copied to the desktop and kept.

Both Poke and Snapchat alert the sender if the recipient attempts to take a screenshot of the picture or video before it disappears, but this method offers no such warning.

Facebook fix incoming

Facebook now says it is working on a fix for the bug and told Buzzfeed: "Thanks for reaching out, and we are addressing this issue now. We should have a fix pushed shortly."

The company also encouraged Pokers to use the service responsibly and understand the risks.

Snapchat founder Evan Spiegel brushed off the concerns and said people will always find way to 'reverse engineer' technology, but those people are in the minority.

He said: "The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service. There will always be ways to reverse engineer technology products - but that spoils the fun!"

Via Buzzfeed