Instagram has become one of the world’s most popular social media platforms, recently reaching over 200 million active monthly users worldwide. However, while you’re busy using public Wi-Fi to add a Valencia filter to a photo of your sandwich, you could be exposing yourself to hackers, warns an article on Network World.
A self-proclaimed “hacker-at-large” from the UK, Stevie Graham, found a configuration problem in the photo-sharing app, which could allow hackers to access a user’s account if they are both on the same Wi-Fi network that doesn’t use encryption. By catching Instagram data whilst it is on the move, attackers can view unencrypted images, user IDs and account keys – which could give them total control of your account.
Graham, who hoped that Facebook would offer him a financial reward for his discovery, claims that he is now working on a tool called “Instasheep” – which could put many Instagram accounts at risk. He wants to draw attention to what he calls an “extremely severe” attack opportunity, which could be easily exploited. Graham wrote that a hacker such as himself “could go to the Apple Store tomorrow and reap thousands of accounts in one day, and then use them to post spam.”
The issue isn’t a new one, having been reported as early as 2012 — but so far, Instagram doesn’t seem to have done much about it. When Graham reported his discovery to Facebook, who owns the photography app, a representative of the company told him that they “accept the risk”, and that they were “working towards a solution in the future.”
It’s still unclear exactly when a solution to this bug might be coming, and whether the company is ready to invest the extra time and processing that encryption would require. However, in the meantime, there are some steps that you can take you reduce some of the risks involved:
With the risks of public Wi-Fi in mind, it’s advisable to only access your Instagram account when using a secure Wi-Fi connection.
The official Instagram website explains that if your account is leaving comments or sharing things you haven’t posted yourself, you may have been hacked. In this case, it is essential to change your account password and send yourself a password re-set e-mail.
You can also contact Instagram’s Help Centre if you think that somebody has gained unauthorised access to your account.
The world of internet security and encryption can be confusing for most people. If you need further information about this, or for other geek-related enquiries, e-mail us at firstname.lastname@example.org or give us a call on (08) 9313 1855.