The bad news? Instagram has a vulnerability that could allow a hacker to take over your account. The good news? That hacker would have to be close enough that he could just walk over and punch you to do so.

The vulnerability was found in the latest 3.1.2 version of Instagram by Carlos Reventlov, who has notified Instagram of the problem.

Here’s how the exploit works. As a matter of course, Instagram encrypts many sensitive activities when they are sent to Instagram’s servers, but other data is not encrypted, but instead sent in plain-text. One of these is a cookie that is sent the second the app is started up, and it’s this cookie that allows hackers to compromise your Instagram account, theoretically taking full control over it.

In reality, though, there’s not much to worry about for most of us. In order for a hacker to use this method to take control of your Instagram account, you’d need to be on the same local-area-network, which means that the chances are good that unless you’re on a public WiFi network with a malevolent hacker, you’re probably pretty safe.

Instagram can fix the problem pretty easily by using encrypted HTTPS for API requests for sensitive data, and now that the vulnerability has been made public, it’s a good bet that that’s exactly what they’ll do next update.

Source: Computerworld

« »