
Bug in iOS Instagram app fixed, impacts Facebook accounts

A security firm is advising Instagram for iOS users to update to version 6.0.4 or later of the app to avoid leaving their Facebook accounts vulnerable to attack.  

IOActive revealed that a bug in the app could allow an attacker to steal Facebook access tokens and impersonate victims or access their personal data on the social networking site.

Security consultant Ariel Sanchez said that he discovered the issue while intercepting traffic from his smartphone in an experiment to “see what it was sending.” He found that plain text communications containing a user's Facebook access token were sent while using the app's “Facebook Friends” button, which helps Instagram users “follow” people they know on Facebook.

IOActive noted that individuals using Instagram on public Wi-Fi were vulnerable to being hacked, as their network traffic (and access token) could be sniffed out.
