iPhone Instagram Users Vulnerable To New Hack

rated by 0 users
This post has 4 Replies | 0 Followers

Top 10 Contributor
Posts 26,721
Points 1,208,815
Joined: Sep 2007
News Posted: Sat, Dec 8 2012 11:13 AM
Security researcher Carlos Reventlov discovered a vulnerability in Instagram version 3.1.2 on the iPhone 4 (iOS 6) that leaves users’ Instagram accounts open to attacks. Specifically, users are at risk for partial eavesdropping and man-in-the-middle attacks that a ne’er-do-well could use to delete photos or even take over a user’s account and download private photos.

Instagram’s login and profile data are sent via a secure HTTPS connection, but other requests are sent through plain ‘ol HTTP that uses only an unencrypted cookie for authentication. If an attacker is connected to the same LAN as a given user’s iPhone, the game is on.

Instagram hackable

“An attacker on the same LAN of the victim could launch a simple arpspoofing attack to trick the iPhones into passing port 80 traffic through the attackers machine,” wrote Reventlov. “When the victim starts the Instagram app a plain text cookie is sent to the Instagram server, [and] once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos.”

Reventlov’s suggested fixes appear relatively simple to implement. He suggests using HTTPS for all API requests containing sensitive data and a body signature for unencrypted requests. He submitted his findings and a proof of concept to Instagram nearly a month ago, and according to his website, he received only an automated response. As of November 20th, the vulnerability remained unpatched.
  • | Post Points: 65
Top 150 Contributor
Posts 756
Points 7,645
Joined: Nov 2012
Location: Dallas, Tx

Oh no, all the sepia photos of my gourmet hamburgers could be deleted!

  • | Post Points: 5
Not Ranked
Posts 18
Points 90
Joined: Dec 2012
Location: Estados Unidos

This is too bad

  • | Post Points: 5
Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
3vi1 replied on Sat, Dec 8 2012 9:13 PM

Instagram users vulnerable to hack...

So... hard... to... care....

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?


  • | Post Points: 5
Top 100 Contributor
Posts 1,016
Points 10,970
Joined: Dec 2010
Location: Mcallen, Texas
OSunday replied on Sun, Dec 9 2012 1:46 AM

"Hipster" vulnerabilities...

This was intentional by the hipster community to be able to infiltrate our phones

  • | Post Points: 5
Page 1 of 1 (5 items) | RSS