Instagram – Facebook’s popular photo sharing app for iOS, currently has a vulnerability that could make your account susceptible to hackers. A security researcher, Carlos Reventlov, published on Friday another attack on Facebook’s Instagram photo-sharing service that could allow a hacker to seize control of a victim’s account.
“The Instagram app communicates with the Instagram API via HTTP and HTTPs connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other request are sent through plain HTTP without a signature, those request could be exploited by an attacker connected to the same LAN of the victim’s iPhone.”
Vulnerability Details — The vulnerability is in the 3.1.2 version of Instagram’s application, which is susceptible to “eavesdropping and man in the middle attacks that could lead an evil user to delete photos and download private media without the victim’s consent.
An attacker on the same LAN of the victim could launch a simple arpspoofing attack to trick the iPhones into passing port 80 traffic through the attackers machine. When the victim starts the Instagram app a plain text cookie is sent to the Instagram server, once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos.
The Secunia verified the attack and issued an advisory here. The compromise uses a method called ARP (Address Resolution Protocol) spoofing, where the web traffic of the victim’s mobile device is channeled through the attacker’s computer. Reventlov wrote that it is then possible to intercept the plain-text cookie.
“ I’ve found that many iPhone apps are vulnerable to such things but not too many are high-profile apps like Instagram,” Reventlov added. He says that the fix for Instagram is rather easy. For API calls that utilize sensitive information, simply use HTTPS, or Hypertext Transfer Protocol Secure. Find Proof of Concept on Reventlov blog.
source: The Hacker News