How to breach any Instagram account

Stevie Graham, a security researcher, reported an authentication flaw in Instagram's iOS app a few days ago. The researcher did not get any financial reward when he reported the bug to Facebook.


Evidently, this was because the vulnerability was not new, not because it is not serious. (The vulnerability had already been reported by 2012.)

So Graham began publishing instructions publicly, showing anyone interested how to breach Instagram accounts.

All you need is a shared Wi-Fi network, a sniffer app, and the knowledge that you will violate the law if you invade someone's privacy.

It can be done through Firesheep.

Do you know Firesheep?

In 2010, social networks like Twitter and Facebook used to handle session authentication like this:

  • Accept the login over HTTPS (secure HTTP), which lets the user enter the username and password over an encrypted connection.
  • The site sends back a unique "session cookie", valid until logout, carrying a one-time cryptographic code that proves that the user has logged in correctly.
  • The cookie was then accepted over an insecure connection (HTTP).

Thus, an eavesdropper could not "catch" the user's password, but could easily grab the login cookie and hijack current sessions on Twitter or Facebook in real time.

What does Firesheep do?

Firesheep was an add-on for Firefox that automated the process of waiting for a user to log in and then stealing the login cookie.

This allowed accounts to be hijacked, at least until the owner realized what was going on and logged out.

Firesheep, in turn, pushed companies like Twitter and Facebook to use HTTPS all the time.

Of course, besides Facebook and Twitter, there are many other sites that use an unencrypted session cookie.

So, four years on, it seems that Instagram for iOS works in exactly the same way as explained above.

In short, it allows HTTP connections after the initial login.
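The flaw described above can be checked for in traffic captured while testing your own app. The following Python audit is an added example, not code from the article or from Graham: it flags cookies set over HTTPS without the Secure attribute and cookies that later travel in a plain HTTP request. The log format, cookie names and values are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample: (scheme, direction, header value) rows as they might be
# exported from a proxy while testing your own app. All values are made up.
SAMPLE_LOG = [
    ("https", "response", "sessionid=abc123; Path=/; HttpOnly"),  # Set-Cookie
    ("https", "response", "csrftoken=zzz; Path=/; Secure"),       # Set-Cookie
    ("https", "request", "sessionid=abc123; csrftoken=zzz"),      # Cookie
    ("http", "request", "sessionid=abc123"),                      # Cookie
    ("http", "request", "theme=dark"),                            # Cookie
]


def audit(log):
    """Return (missing_secure, exposed) as two sets of cookie names.

    missing_secure: cookies set over HTTPS without the Secure attribute,
                    so the client may replay them over HTTP.
    exposed:        cookies issued over HTTPS that later appeared in a
                    plaintext HTTP request, readable on a shared network.
    """
    issued_https, missing_secure, exposed = set(), set(), set()
    for scheme, direction, header in log:
        jar = SimpleCookie()
        jar.load(header)  # parses both Set-Cookie and Cookie header values
        for name, morsel in jar.items():
            if direction == "response" and scheme == "https":
                issued_https.add(name)
                if not morsel["secure"]:
                    missing_secure.add(name)
            elif direction == "request" and scheme == "http":
                if name in issued_https:
                    exposed.add(name)
    return missing_secure, exposed


if __name__ == "__main__":
    missing, exposed = audit(SAMPLE_LOG)
    print("Set without Secure:", sorted(missing))
    print("Sent over plain HTTP:", sorted(exposed))
```

A cookie that appears in both sets is the pattern the article describes: issued after an encrypted login, then reused on an unencrypted connection.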

So Instagram users with iPhones and iPads can easily "lose" their accounts, says Stevie Graham, who posted five simple steps to do it.

We will give you one very serious reason not to do so:

(At least, do not do it on someone else's account unless they give you permission.)

It's illegal.

But if it's really as easy as Graham says, Facebook will probably react very quickly.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
