Security flaw in Instagram could let someone steal your account

As with most security threats, we want to lead with the fact that while the potential harm of this flaw is pretty big - someone could ultimately steal your account or delete your photos - the fix is pretty easy, and in the meantime there is also an easy way to protect yourself while the Instagram devs fix the hole found in the iOS app. It is possible the same flaw exists for the Android app, but that hasn't been tested yet. 

The security flaw was found in Instagram 3.1.2 running on iOS, and it was tested and confirmed on two different iPhone 4 handsets running iOS 6. Apparently, the flaw is quite similar to the trouble with the Firesheep extension a couple of years ago, wherein login credential cookies could be swiped for Facebook, Google, Twitter, and others. Similarly, the app authenticates with Instagram's servers using a plain-text cookie. If a black hat hacker intercepts that cookie, they could access your account, delete your data or change your credentials and steal your account entirely.

Of course, as we said, there is an easy way to protect yourself, and that's because the only way for someone to intercept that cookie is if you are using Instagram on an unsecured connection, like an open WiFi access point. So, if you're worried, just avoid using Instagram on an open AP for now. As we also said, the fix for Instagram is quite easy (and one that Facebook knows, since it was the same fix for the Firesheep issue), which is to use an HTTPS (secure) connection rather than standard HTTP when transferring the credential cookie. 
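
An added example, not from the original article or from Instagram: a small Python audit that flags the condition described above, a session cookie travelling over plain HTTP, and goes one step further by also flagging a session cookie issued without the `Secure` attribute. The host name, the cookie name `sessionid` and the sample exchanges are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample exchanges (hypothetical host and cookie names), not real traffic.
SAMPLE_EXCHANGES = [
    {"url": "https://api.example.test/login", "cookie": "",
     "set_cookie": ["sessionid=constructed-token-1; Path=/; HttpOnly"]},
    {"url": "http://api.example.test/feed",
     "cookie": "sessionid=constructed-token-1; lang=en", "set_cookie": []},
    {"url": "https://api.example.test/feed", "cookie": "sessionid=constructed-token-1",
     "set_cookie": ["sessionid=constructed-token-2; Path=/; Secure; HttpOnly"]},
]
SESSION_COOKIE_NAMES = {"sessionid"}  # assumption: name of the credential cookie


def parse_cookie_header(value):
    """Return {name: value} from a request Cookie header."""
    pairs = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep and name:
            pairs[name] = val
    return pairs


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie."""
    first, *attrs = value.split(";")
    name = first.strip().partition("=")[0]
    return name, {a.strip().partition("=")[0].lower() for a in attrs if a.strip()}


def audit(exchanges, session_names=SESSION_COOKIE_NAMES):
    """List (url, cookie, issue) for session cookies exposed to a network observer."""
    findings = []
    for ex in exchanges:
        scheme = urlsplit(ex["url"]).scheme.lower()
        for name in sorted(n for n in parse_cookie_header(ex["cookie"]) if n in session_names):
            if scheme != "https":  # credential readable on an open network
                findings.append((ex["url"], name, "sent-over-plaintext"))
        for header in ex["set_cookie"]:
            name, attrs = parse_set_cookie(header)
            if name in session_names and "secure" not in attrs:
                # without Secure the client may attach the cookie to http:// requests
                findings.append((ex["url"], name, "set-without-secure"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXCHANGES):
        print(finding)
```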

The worst part about all of this is that the developer who found the issue, reventlov, contacted Instagram about the flaw back on November 11th, but Instagram has yet to address the issue. 

source: reventlov via pocketnow



7. MC1123

Posts: 1256; Member since: Nov 12, 2012

still love molome!

3. -box-

Posts: 3991; Member since: Jan 04, 2012

I read a quote once, "instagram is twitter for illiterates". I don't understand it myself, since Facebook does the same things without the crummy filters

5. JeffdaBeat unregistered

Facebook is broad in terms of social networking whereas Twitter and Instagram are more focused. Instagram is less about commenting or getting into debates than it is about showing the world around you. Filters or not, I actually love the pictures my buddies take because it always feels like they are on some awesome adventure. I can join them by just opening an app. Vice versa too. And I know that sounds incredibly cheesy, but I love how Instagram doesn't have the weight of Facebook. Anyone on FB before the election can attest to that.

6. RapidCat

Posts: 351; Member since: Jun 12, 2012

yea instagram is twitter for people can't read :)
