x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Security flaw in Instagram could let someone steal your account

Security flaw in Instagram could let someone steal your account

Posted: , by Michael H.

Tags:

Security flaw in Instagram could let someone steal your account
As with most security threats, we want to lead with the fact that while the potential harm of this flaw is pretty big - someone could ultimately steal your account or delete your photos - the fix is pretty easy, and in the meantime there is also an easy way to protect yourself while the Instagram devs fix the hole found in the iOS app. It is possible the same flaw exists for the Android app, but that hasn't been tested yet. 

The security flaw was found in Instagram 3.1.2 running on iOS, the flaw was tested and confirmed on two different iPhone 4 handsets running iOS 6. Apparently, the flaw is quite similar to that trouble that happened with the Firesheep extension a couple years ago, wherein login credential cookies could be swiped for Facebook, Google, Twitter, and others. Similarly, the app authentication with Instagram's servers is done using a plain-text cookie. If a black hat hacker intercepts that cookie, they could access your account, delete your data or change your credentials and steal your account entirely. 

Of course, as we said, there is an easy way to protect yourself, and that's because the only way for someone to intercept that cookie is if you are using Instagram on an unsecured connection, like an open WiFi access point. So, if you're worried, just avoid using Instagram on an open AP for now. As we also said, the fix for Instagram is quite easy (and one that Facebook knows, since it was the same fix for the Firesheep issue), which is to use an HTTPS (secure) connection rather than standard HTTP when transferring the credential cookie. 

The worst part about all of this is that the developer who found the issue, reventlov, contacted Instagram about the flaw back on November 11th, but Instagram has yet to address the issue. 

source: reventlov via pocketnow

7 Comments
  • Options
    Close




posted on 03 Dec 2012, 20:49

3. -box- (Posts: 3821; Member since: 04 Jan 2012)


I read a quote once, "instagram is twitter for illiterates". I don't understand it myself, since Facebook does the same things without the crummy filters

posted on 03 Dec 2012, 21:49

5. JeffdaBeat (unregistered)


Facebook is broad in terms of social networking whereas Twitter and Instagram are more focused. Instagram is less about commenting or getting into debates then it is about showing the world around you. Filters or not, I actually love the pictures my buddies take because it always feels like they are on some awesome adventure. I can join them by just opening an app. Vice versa too. And I know that sounds incredibly cheesy, but I love how Instagram doesn't have the weight of Facebook. Anyone on FB before the election can attest to that.

posted on 04 Dec 2012, 00:20 1

6. RapidCat (Posts: 351; Member since: 12 Jun 2012)


yea instagram is twitter for people can't read :)

posted on 04 Dec 2012, 17:55

7. MC1123 (Posts: 1243; Member since: 12 Nov 2012)


still love molome!

* Some comments have been hidden, because they don't meet the discussions rules.

Want to comment? Please login or register.

Latest stories