Architecture, Device Security, Mobile, Strategy, Vulnerability management, Endpoint Security, Device Security, Endpoint Security

Instagram iOS and Android apps vulnerable to session hijacking

Adam GreenbergJuly 29, 2014

While tinkering around with the Android version of the popular Instagram app, Mazin Ahmed, a student and researcher, discovered that sessions can be hijacked in a man-in-the-middle (MitM) attack.

Using an open-source network protocol analyzer known as Wireshark, Ahmed noticed unsecured information going through HTTP; data that included pictures, session cookies, and usernames and IDs, according to a Saturday post.

Ahmed reported the issue to Facebook, which owns Instagram. The company said it was working on a fix, but it did not give a specific date and added that it “accepts the risk.”

Another researcher, Steve Graham, wrote a day later about how the iOS app is also vulnerable and tweeted on Tuesday that he was able to quickly carry it out in a coffee shop. The iOS issue was also written about in late 2012.

Adam Greenberg

DevOps

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

March 16, 2023

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of ...

Malware

Go-based HinataBot latest botnet to focus on DDoS attacks

Steve ZurierMarch 17, 2023

Akamai researchers say the HinataBot botnet has been active for the first three months on 2023, but has exploited vulnerabilities from as far back as 2014.

Device Security

18 zero-day flaws impact Samsung Android handsets, wearables and telematics

Tom Spring March 17, 2023

Four of the zero-day bugs allow adversaries to remotely compromise a targeted phone with just a phone number - no user interaction required.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Instagram iOS and Android apps vulnerable to session hijacking

Related

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

Go-based HinataBot latest botnet to focus on DDoS attacks

18 zero-day flaws impact Samsung Android handsets, wearables and telematics

Related Events

SYSMON: Gaining Visibility Into Your Enterprise

Free and Open-Source Wireless IDS With Nzyme

Managing Network Exposure in AWS

Get daily email updates