Instagram iOS and Android apps vulnerable to session hijacking

July 29, 2014

While tinkering around with the Android version of the popular Instagram app, Mazin Ahmed, a student and researcher, discovered that sessions can be hijacked in a man-in-the-middle (MitM) attack.

Using Wireshark, an open-source network protocol analyzer, Ahmed noticed unsecured information going over HTTP, including pictures, session cookies, and usernames and IDs, according to a Saturday post.

Ahmed reported the issue to Facebook, which owns Instagram. The company said it was working on a fix, but it did not give a specific date and added that it “accepts the risk.”  

Another researcher, Steve Graham, wrote a day later that the iOS app is also vulnerable, and tweeted on Tuesday that he was able to quickly carry out the attack in a coffee shop. The iOS issue was also written about in late 2012.
