Breaking News
Loading...
Saturday, 1 December 2012

Info Post
Following my latest report on Instagram ,Instagram 3.1.2 for iPhone (released on Oct 23, 2012) is vulnerable to a session riding attack that could lead an attacker on the same network to gain access to the victim’s account.

In this PoC exploit an attacker on the same LAN of the victim could launch a simple ARP spoofing attack to trick mobile devices into directing port 80 traffic through the attackers machine. When the victim starts the Instagram app and performs any action that requires authentication, such as liking or unliking pictures, a plain text cookie is sent to the Instagram server, once the attacker gets the cookie he is able to login into the user’s account via web and perform a variety of actions.

The compromise uses a method called ARP (Address Resolution Protocol) spoofing,
an ARP spoofing attack redirects Instagram requests from the iPhone into a custom hyperfox proxy, when the proxy detects an Instagram cookie, a file cookie/$IP_ADDRESS.txtis created containing the cookie value.
After the attacker gets a cookie, he could use a plugin like Modify Headers on Firefox to sign in as the user on the secure URL https://instagram.com/accounts/edit/ where he could change personal data, such as the user’s e-mail address, and compromise the account., Reventlov wrote.


Credit  : The attack was developed by a security researcher Carlos Reventlov


0 comments:

Post a Comment