On April 9, 2012, Instagram the most popular image sharing Application for iOS and Android was acquired by the most famous social network called Facebook for the sum of $1 Billion. After the acquisition of Instagram by Facebook, it was believed that the name of the App would be changed to the App its self would be eliminated after integrating with Facebook. However, the elimination or integration never happened for each other. The C.E.O of Facebook Zuckerberg, planned to keep Instagram as an independent application rather than merging it with Facebook. Indeed, it was decided that the company would work together to improve the stand a lone application of Instagram for iOS and Android.
Following the improvements and bugs fixing of Instagram App for iOS, the team left some bugs in the App for iOS that allows a hacker to breach into your private pictures with a man in the middle attack. This issue was found back in November by a hacker called Carlos Reventlov. Indeed, he was the one who made this attack back in November for Instagram App. On his was on testing the application for security vulnerability, he found this issue by his exploit and reported the officials on the spot.
As of today, the same hacker used the same exploit to see if the issue was fixed or not. Amazingly, the issue isn’t fixed by the company, although they were notified about this issue back in November. The vulnerability lies in the 3.1.2 version of the Instagram App for iOS that was released back on October 23.
According to Carlos:
“When the victim starts the Instagram app, a plain-text cookie is sent to the Instagram server,” Reventlov wrote. “Once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos.”
This attack works with the man-in-the-middle hacking technique in which the hacker and the victim can be on the same LAN. Once the hacker is able to grab the cookies file, he can delete, add, download, and do much more with your photos with account.
You can see the complete details of the attack from here.
This is strange that no one from Facebook or Instagram has responded to this issue until now. If they keep on delaying the issue, many people will lose their accounts and images in no time. We never know about an increment in the number of attackers. We hope the officials respond to this threat as soon as people.