Instagram Accounts Vulnerable to Takeover, Security Researcher Says

Users of the Instagram mobile app are vulnerable to having their accounts hijacked by a user sharing the same local area network, or LAN, according to security researcher Carlos Reventlov.

A hacker using the same LAN as the victim could spoof the Address Resolution Protocol, tricking the victim’s mobile device into routing traffic through the attacker’s computer. When the victim performs an Instagram action that requires authentication but isn’t sent over HTTPS, a plaintext cookie would be sent to the hacker’s machine. With the cookie, the hacker can log in to the victim’s account.

To improve security, the cookie should be encrypted.
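A defender can audit for this exposure from response headers and a request log. The sketch below is an added example, not code from the researcher or from Instagram. It assumes the usual way to keep a cookie off plain HTTP is the `Secure` attribute, and the cookie names, hosts and log entries are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data (hypothetical names and hosts, not real traffic).
SAMPLE_SET_COOKIE = [
    "sessionid=abc123; Path=/; HttpOnly",  # no Secure: will ride on http://
    "csrftoken=xyz789; Path=/; Secure",    # Secure: only sent over HTTPS
]
SAMPLE_REQUESTS = [  # (url, Cookie request header)
    ("https://app.example.test/login", "sessionid=abc123"),
    ("http://app.example.test/like", "sessionid=abc123; lang=en"),
    ("http://app.example.test/static/logo.png", "lang=en"),
]


def cookies_without_secure(set_cookie_headers):
    """Names of cookies whose Set-Cookie header lacks the Secure attribute."""
    exposed = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not morsel["secure"]:  # empty string when the flag is absent
                exposed.append(name)
    return exposed


def plaintext_cookie_leaks(requests, session_cookie_names):
    """(url, cookie name) for every session cookie sent on an http:// request."""
    leaks = []
    for url, cookie_header in requests:
        if urlsplit(url).scheme.lower() != "http":
            continue  # HTTPS requests are encrypted in transit
        sent = SimpleCookie()
        sent.load(cookie_header)
        for name in sent:
            if name in session_cookie_names:
                leaks.append((url, name))
    return leaks


if __name__ == "__main__":
    print("missing Secure:", cookies_without_secure(SAMPLE_SET_COOKIE))
    print("sent in cleartext:",
          plaintext_cookie_leaks(SAMPLE_REQUESTS, {"sessionid"}))
```
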

Reventlov notified Facebook of the issue three weeks ago and has received just an automated reply.
