Instagram iOS and Android apps vulnerable to session hijacking

While tinkering around with the Android version of the popular Instagram app, Mazin Ahmed, a student and researcher, discovered that sessions can be hijacked in a man-in-the-middle (MitM) attack.

Using the open-source network protocol analyzer Wireshark, Ahmed noticed unsecured information being sent over HTTP, including pictures, session cookies, usernames and IDs, according to a Saturday post.

Ahmed reported the issue to Facebook, which owns Instagram. The company said it was working on a fix, but it did not give a specific date and added that it “accepts the risk.”  

Another researcher, Steve Graham, wrote a day later that the iOS app is also vulnerable, and tweeted on Tuesday that he was able to quickly carry out the attack in a coffee shop. The iOS issue was also written about in late 2012.
