
Instasheep — Instagram Account Hacking Tool Released



Two days ago, we reported at http://professionalhackers.in on a critical issue in Instagram, the most popular image and video sharing service, whose mobile app allows an attacker to hijack users’ accounts and then access private photos, delete the victim’s photos, edit comments and post new images.
Yesterday, London developer Stevie Graham released a tool called “Instasheep”, a play on Firesheep, the 2010 Facebook stealer: a Firefox extension that can be used to compromise online accounts automatically, in certain circumstances, with a click of the mouse.

 

Graham discovered the Instagram issue years ago and was shocked when he realized it hadn’t been fixed by Facebook yet. He released the tool after claiming Facebook refused to pay a bug bounty for his reported vulnerabilities affecting the Instagram iOS mobile application.

Graham tweeted about the issue: “Denied bug bounty. Next step is to write automated tool enabling mass hijacking of accounts,” he wrote. “Pretty serious vuln, FB. please fix.”



Facebook, the largest social networking company, was reportedly aware of the issue in its Instagram iOS app and was working on a fix by deploying HTTPS across its portfolio, but it is still not clear how long that will take.
In an attacker's hands, the vulnerability could expose iOS app users to man-in-the-middle (MitM) attacks because, as we said earlier, Instagram sends some data unencrypted along with the session cookie. An attacker could then reuse these intercepted HTTP session cookies on another system or browser to hijack the session of the victim’s Instagram account.
“I don’t agree the barrier to exploit is high. All it takes is one sufficiently skilled person to release a tool so simple even a script kiddie can use it. At that point Pandora’s Box has been blown apart,” Graham wrote on YCombinator.


Instagram co-founder Mike Krieger responded to the issue on the same YCombinator website and said, “We’ve been steadily increasing our HTTPS coverage–Instagram Direct, for example, which we launched in late 2013, is 100% HTTPS. For the remainder of the app, especially latency-sensitive read endpoints like the main feed and other browsing experiences, we’re actively working on rolling out HTTPS while making sure we don’t regress on performance, stability, and user experience. This is a project we’re hoping to complete soon, and we’ll share our experiences in our eng blog so other companies can learn from it as well.”

Graham released the “Instasheep” tool, which automates the process, in order to force Facebook’s hand; the company ought to speed up its efforts to deploy HTTPS.
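For developers who want to check their own app for the cleartext session cookie exposure described above, here is an added example (not code from the article, from Graham, or from Instagram). It audits a constructed sample of an app's own test traffic; the cookie name `sessionid`, the `example.test` hosts and the record layout are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SESSION_COOKIE = "sessionid"  # assumed cookie name, not taken from the article

# Constructed sample: requests recorded from your own app through a test proxy.
SAMPLE_TRAFFIC = [
    {"url": "https://api.example.test/direct/inbox",
     "request_cookie": "sessionid=abc123; lang=en", "set_cookie": []},
    {"url": "http://api.example.test/feed/timeline",
     "request_cookie": "lang=en; sessionid=abc123", "set_cookie": []},
    {"url": "https://api.example.test/login",
     "request_cookie": "", "set_cookie": ["sessionid=abc123; Path=/; HttpOnly"]},
    {"url": "http://cdn.example.test/img/1.jpg",
     "request_cookie": "lang=en", "set_cookie": []},
]


def audit(entries, cookie_name=SESSION_COOKIE):
    """Return (finding, endpoint) tuples for session-cookie exposure."""
    findings = []
    for entry in entries:
        parts = urlsplit(entry["url"])
        endpoint = parts.netloc + parts.path

        # 1. The session cookie travelled in a plain-HTTP request: anyone on
        #    the network path could read it.
        sent = SimpleCookie()
        sent.load(entry.get("request_cookie", ""))
        if parts.scheme == "http" and cookie_name in sent:
            findings.append(("cleartext-session-cookie", endpoint))

        # 2. The server issued the cookie without Secure, so clients remain
        #    free to attach it to later http:// requests.
        for header in entry.get("set_cookie", []):
            issued = SimpleCookie()
            issued.load(header)
            if cookie_name in issued and not issued[cookie_name]["secure"]:
                findings.append(("missing-secure-attribute", endpoint))
    return findings


if __name__ == "__main__":
    for finding, endpoint in audit(SAMPLE_TRAFFIC):
        print(f"{finding}: {endpoint}")
```

A clean result needs both conditions: every endpoint that receives the session cookie is served over HTTPS, and the cookie is issued with the `Secure` attribute.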

 




Founder and Editor-in-Chief of ‘Professional Hackers India’. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.
