Home » Security » Instagram on iPhone Could Allow Account Hijacking

instagram

Facebook’s popular photo sharing app for iOS, Instagram has a vulnerability that could make your account susceptible to be compromised. A security researcher Carlos Reventlov published on Friday a vulnerability in Facebook’s Instagram photo-sharing service that could allow a hijacker to seize control of a victim’s account.

His report reads:

“The Instagram app communicates with the Instagram API via HTTP and HTTPs connections.  Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone.”

The vulnerability is in the 3.1.2 version of Instagram’s application the app is susceptible to eavesdropping and man in the middle attacks that could lead anyone to delete photos and download private media without the victim’s consent.  The vulnerability was found on 11th November 2012 and Instagram authorities were informed but yet haven’t been fixed.

Carlos Reventlov suggested fixes are use https for all API requests that could contain sensitive data, such as photo URLs or use a body signature for unencrypted requests.

AVG Premium Security 2013

Comments

comments

Latest

Focus On the Responsive Mobile Website
Mobile Website or Mobile App
Technology is bringing about a drastic change to the hiring industry
Five Ways To Use Your iPad For Business
Outlook Mail App Review

Sponsors

Follow Us

Visit Us On TwitterVisit Us On FacebookVisit Us On GooglePlusVisit Us On PinterestVisit Us On YoutubeCheck Our Feed

Subscribe To The Technology Geek

Join Premium

Enjoy All The Benefits Of Premium

  • Access To Premium Content Only Available To Members
  • Digital Copy Of My Book The Pangram Killer
  • Coupons for quality sites affiliated with us
  • Access To All Short Stories
  • Free Plug On Podcast
  • Get first notice and exclusive access to events and meetups
$19.99

Sponsors

Archives