Security flaw in Instagram could let someone steal your account
Share:
As with most security threats, we want to lead with the fact that while the potential harm of this flaw is pretty big - someone could ultimately steal your account or delete your photos - the fix is pretty easy, and in the meantime there is also an easy way to protect yourself while the Instagram devs fix the hole found in the iOS app. It is possible the same flaw exists for the Android app, but that hasn't been tested yet.
The security flaw was found in Instagram 3.1.2 running on iOS, the flaw was tested and confirmed on two different iPhone 4 handsets running iOS 6. Apparently, the flaw is quite similar to that trouble that happened with the Firesheep extension a couple years ago, wherein login credential cookies could be swiped for Facebook, Google, Twitter, and others. Similarly, the app authentication with Instagram's servers is done using a plain-text cookie. If a black hat hacker intercepts that cookie, they could access your account, delete your data or change your credentials and steal your account entirely.
Of course, as we said, there is an easy way to protect yourself, and that's because the only way for someone to intercept that cookie is if you are using Instagram on an unsecured connection, like an open WiFi access point. So, if you're worried, just avoid using Instagram on an open AP for now. As we also said, the fix for Instagram is quite easy (and one that Facebook knows, since it was the same fix for the Firesheep issue), which is to use an HTTPS (secure) connection rather than standard HTTP when transferring the credential cookie.
The worst part about all of this is that the developer who found the issue, reventlov, contacted Instagram about the flaw back on November 11th, but Instagram has yet to address the issue.
Share:
New Google Maps Android API brings vector maps to 3rd-party apps 
Isis bringing NFC payments to (some) vending machines 
-
Nokia Lumia 925 hands-on
-
LG Optimus F3 pictured, detailed for Sprint
-
Alleged Samsung Galaxy S4 Active photos show rugged yet slim chassis
-
Make your Samsung Galaxy S4 sound better with Adapt Sound
-
Yahoo's board agrees to $1.1 billion acquisition of Tumblr
-
Parting images and wrap-up from the last day of Google I/O
7 Comments
3. -box- posted on 03 Dec 2012, 20:49 0 0
I read a quote once, "instagram is twitter for illiterates". I don't understand it myself, since Facebook does the same things without the crummy filters
5. JeffdaBeat posted on 03 Dec 2012, 21:49 0 0
Facebook is broad in terms of social networking whereas Twitter and Instagram are more focused. Instagram is less about commenting or getting into debates then it is about showing the world around you. Filters or not, I actually love the pictures my buddies take because it always feels like they are on some awesome adventure. I can join them by just opening an app. Vice versa too. And I know that sounds incredibly cheesy, but I love how Instagram doesn't have the weight of Facebook. Anyone on FB before the election can attest to that.
6. RapidCat posted on 04 Dec 2012, 00:20 1 0
yea instagram is twitter for people can't read :)
* Some comments have been hidden, because they don't meet the discussions rules.
-
1.
What makes the Full HD IPS display on the LG Optimus G Pro better than AMOLED
-
2.
The forbidden fruit: here are 7 great Android apps that Google does not allow on Play store
-
3.
All from Google I/O 2013
-
4.
Samsung officials confirm 5.9-inch Note III will come at IFA in September, Galaxy S4 to hit 10 million sales next week
