Quip-Text exploits revealed, server shut down

Discussion in 'iOS Apps' started by hckrwolf, Mar 29, 2010.

  1. hckrwolf macrumors newbie

    Mar 29, 2010
    So I'm not sure if anyone else heard about this, I tried searching anything on Quip-Text and couldn't find a single thread on here...so here's the story, for anyone who's unaware or is wondering why Quip-Text isn't working right now.
    The background info.
    Quip-Text is an app for the iPhone that allows people to send pictures to others without paying for MMS. QT does this by uploading the picture onto their server, and generating a random URL for the user to send (via SMS) to another.

    The first mention of an exploit.
    On November 5, 2009 someone on digg was looking at how QT worked and realized two things:
    1. QT generates the URLs using only 5 random letters or digits (following the URL base). This supposedly means that there are 60,466,176 combinations QT could use.
    2. QT does not have any encryption on these URLs, meaning anyone who has the link can view it without any sort of authorization.
    The user then created a script that generated random URLs and showed the picture embedded in each one. The exploit didn't seem to gain any attention, and was left alone for months.

    The exploit is spread throughout the internet.
    On March 28, 2009 Anonymous dug up the exploit, and threads began to show up on several imageboards (specifically, 4chan) where users were given the script (which now had it's own webpage) and could browse through thousands of pictures to post their favorites in the threads.
    It was at this point that Anonymous realized QT also supplied the sender's contact info with every picture sent. This caused chaos on social networking sites like Facebook as users posted NSFW images on the senders' walls or shared them with the senders' friends, family, school, etc.

    Eventually, this caused a DoS on QT's servers, shutting them down temporarily. QT investigated the cause, and realized thousands of pictures had been leaked onto the internet. The creater of QT had this to say:
    Which a user on Reddit replied,
    The aftermath.
    As stated by Ish, QT was shut down completely - this means users cannot upload new pictures or view pictures previously uploaded.
    Ish claims to have the site up-and-running ASAP, but considering his team consists of only 3 people, I'd say they're offline indefinitely. They'll have to clean out their servers, deleting all of the pictures and text, clear the URLs, and write out a new code with actual encryption on it.

    A humorous post on 4chan said,
    Anonymous then affectionately declared it Quiptxt Day, stating:
    What Anonymous was trying to say is that the exploit on QT links was phenomenal because it gave Anonymous TONS of "original content", which revived the imageboards with pictures other than the ones Anonymous has seen over 9,000 times.

    Anonymous has also created an (NSFW) Encyclopedia Dramatica for Quiptxt Day, where some of the content has been saved.
    Well, there's the whole story for you. I decided to type it all up and post it somewhere so more people would be aware and would think "maybe it's not such a great idea to have my nudes hosted on the interwebs where everyone can see them, track them down and show them to my family."
    I hope you guys liked my post, and if you used QT, watch out next time!

    Also, this is my first post and I wasn't exactly sure where to put this thread...apologies ahead of time if this is wrong.
    Cheers! :D
  2. Mikeluv macrumors newbie


    Jul 18, 2009

Share This Page