Instagram "Friendship Vulnerability" patched
Posted on 12 July 2012.
A flaw in the popular Instagram app that allows potential snoopers to add themselves as friends of any Instagram user and, consequently, to access his or hers private information and photos has been discovered by researcher Sebastian Guerrero.

The remote vulnerability affects both the iPhone and Android Instagram app, and due the lack of control on the logic applied to authorization feature, it allows attachers to effect a brute force attack in the context of user application.

He demonstrated the effectiveness of the attack by adding himself to the list of users Facebook's CEO Mark Zuckerber follows through Instagram and by sending him a personal message:


Guerrero revealed details about the flaw on his personal blog (via Google Translate), and has notified Instagram about it.

The company reacted by patching the flaw in a matter of hours and by commenting that never in the course of the bug existing was users' data at risk and that at no point were private photos made public.

"The technical researcher was not able to follow private users, nor were private users' data ever at risk," they wrote. "We don't have any evidence that this bug was taken advantage of at any other scale than very minimal experiments by a technical researcher."






Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //