Computer security expert Steve Graham has discovered a critical vulnerability in the Instagram application for iOS. It allows an attacker to take over a user's account, gaining control over managing and publishing photographs as well as editing and deleting comments.
According to Securitylab, the application connects to the server over the unencrypted HTTP protocol, so the traffic can be intercepted and modified by an attacker. Graham used the application on his phone while monitoring the traffic with the Wireshark analyzer. The expert found that the connection is vulnerable to interception of the user's session through a man-in-the-middle attack.
Reusing the intercepted HTTP session cookie on another system or in another browser could allow an attacker to hijack the victim's Instagram session.
"As soon as I logged into an Instagram account on the phone, Wireshark intercepted unencrypted data flowing over HTTP. This data includes the photographs viewed by the victim, the session cookie, the user name and the ID," said Graham.
The expert has notified Facebook, which owns Instagram, of this vulnerability. Representatives of the social network reported that the service is being moved to HTTPS, but it is not known how soon that will happen.
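A server-side check for the session cookie reuse described above, as an added example that is not part of the original article or of Instagram's code: it flags sessions whose cookie travelled over cleartext HTTP and was later presented by a different client. The log record layout, session IDs, addresses and user-agent strings are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample access-log records (not from the article):
# (timestamp, session_id, client_ip, user_agent, scheme)
SAMPLE_LOG = [
    ("2000-01-01T10:00:01", "sess-A", "198.51.100.7", "ExampleApp/3.1 (iPhone)", "http"),
    ("2000-01-01T10:00:09", "sess-A", "198.51.100.7", "ExampleApp/3.1 (iPhone)", "http"),
    ("2000-01-01T10:02:30", "sess-A", "203.0.113.44", "Mozilla/5.0 (X11; Linux)", "http"),
    ("2000-01-01T10:03:00", "sess-B", "192.0.2.15", "ExampleApp/3.1 (iPhone)", "https"),
    ("2000-01-01T10:04:10", "sess-B", "192.0.2.99", "ExampleApp/3.1 (iPhone)", "https"),
]


def analyse_sessions(records):
    """Return {session_id: sorted findings} for every session with a finding."""
    first_seen = {}               # session_id -> (ip, user_agent) of first request
    findings = defaultdict(set)
    for _ts, sid, ip, ua, scheme in sorted(records):  # ISO timestamps sort in time order
        if scheme == "http":
            # The cookie crossed the network unencrypted, so it may have been observed.
            findings[sid].add("cookie-sent-in-cleartext")
        if sid not in first_seen:
            first_seen[sid] = (ip, ua)
            continue
        base_ip, base_ua = first_seen[sid]
        if ua != base_ua:
            # Same cookie, different client software: "another system or browser".
            findings[sid].add("user-agent-changed")
        elif ip != base_ip:
            # Weak signal on its own: phones roam between Wi-Fi and cellular networks.
            findings[sid].add("ip-changed")
    return {sid: sorted(found) for sid, found in findings.items()}


def triage(records):
    """Sessions exposed over HTTP and later used by a different client."""
    return sorted(
        sid for sid, found in analyse_sessions(records).items()
        if "cookie-sent-in-cleartext" in found and "user-agent-changed" in found
    )


if __name__ == "__main__":
    for sid, found in analyse_sessions(SAMPLE_LOG).items():
        print(sid, found)
    print("invalidate and force re-login:", triage(SAMPLE_LOG))
```

Detection of this kind only limits the damage after a cookie has leaked; serving the whole session over HTTPS is what keeps the cookie off the wire in cleartext.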