How someone hacks your Instagram account [Survey]
Stevie Graham, a security researcher, reported an authentication flaw in Instagram's iOS software a few days ago and was turned down for a bug bounty.
Presumably that is because the flaw is not new, rather than because it is not serious. (Actually, we first wrote about this issue in 2012.)
So Graham has gone public with instructions on how to hack someone's Instagram account.
All you need is a Wi-Fi network shared with others, a packet sniffer, and the will to break the law and violate other people's privacy.
Simply put, this attack is Firesheep all over again.
Remember Firesheep?
Social networking security, 2010 style
In 2010, social networks like Twitter and Facebook handled session authentication as follows:
1. Accept connections using HTTPS (secure HTTP), so that users can enter their username and password over an encrypted connection and criminals cannot sniff their credentials.
2. Once the user has logged in correctly, send back over the encrypted connection a unique "session cookie" that is valid until the user logs out.
3. After that, accept this cookie over an insecure (HTTP) connection.
So an eavesdropper couldn't sniff the user's password for next time, but could intercept the session cookie and hijack the user's current Twitter or Facebook session in real time.
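An added example, not from the original article: a small Python check over a recorded login flow that flags the two weaknesses in the 1-2-3 list above, namely a session cookie issued without the Secure attribute and that cookie later sent to an http:// URL. The host social.example, the cookie name sessionid and the sample traffic are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample traffic (hypothetical host and cookie name), following
# the article's 1-2-3 list: HTTPS login, cookie issued, cookie reused over HTTP.
SAMPLE_FLOW = [
    {"url": "https://social.example/login",
     "request_cookie": "",
     "set_cookie": ["sessionid=abc123; Path=/; HttpOnly"]},
    {"url": "http://social.example/feed",
     "request_cookie": "sessionid=abc123",
     "set_cookie": []},
]

# The same flow after the fix: Secure attribute set, HTTPS used throughout.
HARDENED_FLOW = [
    {"url": "https://social.example/login",
     "request_cookie": "",
     "set_cookie": ["sessionid=abc123; Path=/; HttpOnly; Secure"]},
    {"url": "https://social.example/feed",
     "request_cookie": "sessionid=abc123",
     "set_cookie": []},
]


def audit_flow(flow):
    """Return a list of (url, cookie_name, problem) findings for a recorded flow."""
    findings = []
    issued = set()  # cookie names the server has set so far
    for exchange in flow:
        scheme = urlsplit(exchange["url"]).scheme
        # Step 3 of the list: a server-issued cookie travelling over plain HTTP.
        sent = SimpleCookie()
        sent.load(exchange["request_cookie"])
        if scheme == "http":
            for name in sent:
                if name in issued:
                    findings.append((exchange["url"], name, "sent over plain HTTP"))
        # Step 2 of the list: a cookie issued without the Secure attribute.
        for header in exchange["set_cookie"]:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                issued.add(name)
                if not morsel["secure"]:
                    findings.append((exchange["url"], name, "set without Secure"))
    return findings
```

Running `audit_flow(SAMPLE_FLOW)` reports both problems, while `audit_flow(HARDENED_FLOW)` returns an empty list.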
Firesheep
Firesheep was an automated Firefox plugin that waited for users to log in and then stole their session cookies.
In other words, it was a point-and-click exercise to take over someone's account until they logged out or realized what had happened.
Firesheep's ostensible motive was to create a public commotion big enough to push services like Twitter and Facebook into always using HTTPS, even though the tool itself was open to abuse.
And that is exactly what Facebook, Twitter and others did to solve the problem, which means no more session hijacking by eavesdropping on unencrypted session cookies.
2010 revisited
Fast forward nearly four years, and Instagram's iOS app seems to work in almost exactly the way described in the 1-2-3 list above.
That is, it allows HTTP connections after the initial login.
So the accounts of Instagram users on iPhone and iPad can easily be hijacked, or so Stevie Graham claims.
So easily, in fact, that he gives five simple steps to do it:
Ouch.
So what next?
We have only three words of advice: don't do this.
(Unless you have explicit permission, don't take over someone else's account.)
It's definitely not good, and it's almost certainly not legal wherever you are.
But if it's really as easy as Graham says, let's hope Facebook gets on to it pretty quickly.
In the meantime, you probably want to give up logging in to Instagram from your iPhone or iPad.
As we keep writing, mobile app security seems to be lagging behind, and we are worried about how to make a public commotion big enough to bring it into line…
Let us know your opinion
(If you would like to explain your reason, please leave a comment below. You may remain anonymous.)
How anyone can hack your instagram account. Reviewed by Mohsin Rohan on May 07, 2020