The Quiptxt fiasco
Mar. 29th, 2010 12:07 pm
This weekend, a company was (apparently) brought down, and the privacy of thousands of people was compromised, because of poor software design.
Quiptxt was an iPhone app which allowed you to take a picture with the phone's camera. The picture was uploaded to the company's webservers, and given a short URL. The phone then sent a text message with the URL to anyone you chose. Thus it was possible to share photos with people whose phones didn't support picture messaging.
However, Quiptxt made a great mistake. The URLs were made short, to fit into text messages. But that also made them guessable. They were five characters long, and not sparsely allocated. (In other words, if you guessed five random characters, you were reasonably likely to find a picture that someone had uploaded to share with a friend.)
Of course, eventually people got hold of this and wrote programs to download images. Naturally, Quiptxt soon went over their bandwidth limit, but not before thousands of formerly private photos were made public. I didn't hear about it until after it was all over, but according to comment threads posted at the time, as well as the predictable number of naked people, there were such things as images of cheques with the names and routing numbers intact. It appears that the username of the uploader was also disclosed, and possibly their latitude and longitude.
quiptxt.com is still down as of the time of writing. I don't know whether Quiptxt will continue in another form, or whether the technical problems coupled with the loss of public confidence will spell the end of this idea. But this could all have been prevented with some foresight. If the URLs had been allocated sparsely; if the identifiers had been a few characters longer; if the server degraded performance after a certain number of failed requests; if any of these things had been thought of to begin with, this need never have happened.
This happened after the most recent comp.risks came out, but I'm sure it'll be in there.
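The three mitigations named above (sparse allocation, longer identifiers, and slowing down clients that keep requesting nonexistent URLs) can be sketched as follows. This is an added example, not Quiptxt's code; the 62-character alphabet, the 12-character length, the throttle thresholds, and all function and class names are assumptions chosen for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumption: 62 URL-safe symbols


def new_photo_id(length=12):
    """Draw an identifier from a CSPRNG so IDs are neither sequential nor dense."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def expected_guesses_per_hit(length, live_ids, alphabet_size=len(ALPHABET)):
    """Average number of uniformly random guesses needed to land on one live ID."""
    return alphabet_size ** length / live_ids


class FailedLookupThrottle:
    """Stall a client's responses once it has requested too many nonexistent IDs."""

    def __init__(self, free_misses=5, window=60.0, base_delay=1.0, max_delay=60.0):
        self.free_misses = free_misses  # misses tolerated per window (typos happen)
        self.window = window            # seconds a miss stays on record
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._misses = {}               # client -> timestamps of recent failed lookups

    def _recent(self, client, now):
        return [t for t in self._misses.get(client, []) if now - t < self.window]

    def record_miss(self, client, now):
        """Call whenever a lookup for an unknown ID comes from this client."""
        self._misses[client] = self._recent(client, now) + [now]

    def delay_for(self, client, now):
        """Seconds to hold the next response: 0 at first, then doubling per miss."""
        excess = len(self._recent(client, now)) - self.free_misses
        if excess <= 0:
            return 0.0
        return min(self.base_delay * 2 ** (excess - 1), self.max_delay)


if __name__ == "__main__":
    live = 100_000  # constructed figure, not Quiptxt's real upload count
    print("5 chars :", expected_guesses_per_hit(5, live), "guesses per hit")
    print("12 chars:", expected_guesses_per_hit(12, live), "guesses per hit")
    print("sample ID:", new_photo_id())
```

Longer random IDs raise the cost of each hit, while the throttle limits how many guesses a single client can make; the two controls are independent and work best together.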
no subject
Date: 2010-03-29 06:44 pm (UTC)
no subject
Date: 2010-03-30 09:23 am (UTC)
They also seem to have done it better: a 9 character ID and 6 character password to type into http://www.orange.co.uk/mms/ to get your image, and it expires after 21 days. I suspect they may also have more bandwidth :)