A critical flaw discovered in Instagram’s mobile apps makes it easy for hackers to steal your user information. The flaw centers around the app’s use of unencrypted connections. This means an enterprising hacker can sniff out your personal information over an open Wi-Fi hotspot or even over your cell network.
By leaving data unencrypted, Instagram lets hackers have access to session cookies which can be used to impersonate you. This vulnerability can give someone access to your private photos, username, and password.
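The exposure described above can be checked from the defender's side. The following is an added example, not code from this article or from Instagram: it audits a constructed set of captured app requests (the hosts, cookie names and values are made up) for cookies sent over plain HTTP or set without the Secure attribute.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample of app traffic as an intercepting proxy might export it:
# (request URL, Cookie header sent, Set-Cookie header received).
# Hosts, cookie names and values are invented for illustration.
CAPTURED = [
    ("https://api.example.test/login", "", "sessionid=abc123; Path=/; HttpOnly"),
    ("http://api.example.test/feed", "sessionid=abc123", ""),
    ("https://api.example.test/profile", "sessionid=abc123", ""),
    ("https://api.example.test/refresh", "", "csrftoken=xyz; Secure; Path=/"),
    ("http://cdn.example.test/img/1.jpg", "", ""),
]


def parse(header):
    """Parse a Cookie or Set-Cookie header value into a SimpleCookie."""
    jar = SimpleCookie()
    jar.load(header)
    return jar


def audit(records):
    """Return (kind, url, cookie_name) findings for cleartext cookie exposure."""
    findings = []
    for url, sent, set_cookie in records:
        # A cookie carried on an http:// request is readable by anyone on the path.
        if sent and urlsplit(url).scheme == "http":
            for name in parse(sent):
                findings.append(("cleartext-cookie", url, name))
        # A cookie set without Secure will be attached to later http:// requests too.
        if set_cookie:
            for name, morsel in parse(set_cookie).items():
                if not morsel["secure"]:
                    findings.append(("missing-secure", url, name))
    return findings


if __name__ == "__main__":
    for kind, url, name in audit(CAPTURED):
        print(f"{kind:17} {name:10} {url}")
```
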
Facebook, which owns Instagram, has known about the issue since 2012 but still hasn’t fixed it. The company responded to Mazin Ahmed, the security researcher who reported the vulnerability, with the following statement:
“Facebook has discussed this issue at length and plans on moving everything on the Instagram site to HTTPS. However there is no definite date for the change. At the moment Facebook accepts the risk of parts of Instagram communicating over HTTP and not HTTPS. We consider this a known issue and are working toward a solution in the future.”
It’s worrying that Facebook has known about the issue for so long yet decided it wasn’t important enough to fix.
For now, users can use Instagram’s mobile site, which is encrypted. Be aware that public Wi-Fi networks are inherently less secure and should be used with caution. You should be fine browsing Instagram over a cellular connection since it’s much harder to intercept data this way.
Source: Mazin Ahmed
Via: The Hacker News
Follow Lewis on Twitter: @lewisleong