Home » Security » Instagram on iPhone Could Allow Account Hijacking

instagram

Facebook’s popular photo sharing app for iOS, Instagram has a vulnerability that could make your account susceptible to be compromised. A security researcher Carlos Reventlov published on Friday a vulnerability in Facebook’s Instagram photo-sharing service that could allow a hijacker to seize control of a victim’s account.

His report reads:

“The Instagram app communicates with the Instagram API via HTTP and HTTPs connections.  Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone.”

The vulnerability is in the 3.1.2 version of Instagram’s application the app is susceptible to eavesdropping and man in the middle attacks that could lead anyone to delete photos and download private media without the victim’s consent.  The vulnerability was found on 11th November 2012 and Instagram authorities were informed but yet haven’t been fixed.

Carlos Reventlov suggested fixes are use https for all API requests that could contain sensitive data, such as photo URLs or use a body signature for unencrypted requests.

AVG Premium Security 2013

Comments

comments

Latest

dictate Microsoft Announces Dictation Software for Office
outlook for mac Outlook 2016 for Mac Gets Huge Update
power bank How to Choose the Best Type of Power Bank for You
6 Garage Band Alternatives For Music Production On Windows Devices
Tech Geek Weekly: June 16, 2017

Follow Us

Visit Us On TwitterVisit Us On FacebookVisit Us On GooglePlusVisit Us On PinterestVisit Us On YoutubeCheck Our Feed

Join Premium

Enjoy All The Benefits Of Premium

  • Access To Premium Content Only Available To Members
  • Digital Copy Of My Book The Pangram Killer
  • Coupons for quality sites affiliated with us
  • Access To All Short Stories
  • Free Plug On Podcast
  • Get first notice and exclusive access to events and meetups
$19.99

Subscribe To The Technology Geek

Archives