Instagram (Android / Google Play) on Jan 26, 2017 (upd. on Feb 3rd)

This application is available for Android here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on January 24, 2017 and relates to v10.5 (an update was released on February 1st, 2017).

Beware of using previous releases: all your media data is transferred ‘as is’ without protection, and the remaining data items are vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted. Have a look.

The current release protects the network data items except for media data. The media data is still transferred ‘as is’ without protection. However, the remaining data items are protected by SSL pinning, which leaves a weakness only if you have a rooted device.

Findings Summary

Our examination revealed 42 items in total: 14 DAR items and 28 DIT items. Among the DAR items there were 0 worst items, 14 bad items, 0 good items, and 0 best items. Among the DIT items there were 6 worst items, 0 bad items, 22 good items, and 0 best items.

Below you will find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

Instagram 10.4.1 (iOS / App Store) on Jan 26, 2017 (upd. on Feb 3rd, ver 10.6)

This application is available for iOS here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on Jan 30th, 2017.

This release transfers all your media data ‘as is’ without protection, and the remaining data is still vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted.

Findings Summary

Our examination revealed 40 items in total: 12 DAR items and 28 DIT items. Among the DAR items there were 0 worst items, 5 bad items, 7 good items, and 0 best items. Among the DIT items there were 6 worst items, 22 bad items, 0 good items, and 0 best items.

Below you will find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

Instagram (Android / Google Play) on Jan 18, 2017 (upd. on Jan 19th for v10.5)

This application is available for Android here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on January 17, 2017, and the results were updated on Jan 19th for the latest release, v10.5 (according to this alternative apk downloader site).

Beware of using previous releases: all your media data is transferred ‘as is’ without protection, and the remaining data items are vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted. Have a look.

The current release protects the network data items except for media data. The media data is still transferred ‘as is’ without protection. However, the remaining data items are protected by SSL pinning, which leaves a weakness only if you have a rooted device.

Findings Summary

Our examination revealed 42 items in total: 14 DAR items and 28 DIT items. Among the DAR items there were 0 worst items, 14 bad items, 0 good items, and 0 best items. Among the DIT items there were 6 worst items, 0 bad items, 22 good items, and 0 best items.

Below you will find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

Instagram 10.4 (iOS / App Store) on Jan 18, 2017 (upd. on Jan 19th for v10.4.1)

This application is available for iOS here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on Jan 17, 2017, and the results were updated on Jan 19th for the latest release, v10.4.1.

Beware of using previous releases: all your media data is transferred ‘as is’ without protection, and the remaining data items are vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted. Have a look.

The current release protects the network data items; however, the items are still vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted.

Why is it still bad? Kazakhstan is going to start intercepting HTTPS traffic via “man-in-the-middle attack” starting Jan 1, 2016

Findings Summary

Our examination revealed 40 items in total: 12 DAR items and 28 DIT items. Among the DAR items there were 0 worst items, 5 bad items, 7 good items, and 0 best items. Among the DIT items there were 0 worst items, 28 bad items, 0 good items, and 0 best items.

Below you will find 2 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

Instagram (Android / Google Play) on Jan 15, 2017

This application is available for Android here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on December 21, 2016.

This release transfers all your media data ‘as is’ without protection, and the remaining data is still vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted.

The new Instagram application is available and has the issues fixed. The media data is still transferred ‘as is’ without protection; however, the remaining data items are protected by SSL pinning, which leaves a weakness only if you have a rooted device. Have a look.

Findings Summary

Our examination revealed 42 items in total: 14 DAR items and 28 DIT items. Among the DAR items there were 0 worst items, 14 bad items, 0 good items, and 0 best items. Among the DIT items there were 6 worst items, 0 bad items, 22 good items, and 0 best items.

Below you will find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

Instagram 10.3 (iOS / App Store) on Jan 15, 2017

This application is available for iOS here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on Dec 19, 2016.

This release transfers all your media data ‘as is’ without protection, and the remaining data is still vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted.

The new Instagram application is available and has the issues fixed. However, the network data items are still vulnerable to interception (MITM attacks) using a crafted certificate installed on the device as trusted. Have a look.

Findings Summary

Our examination revealed 40 items in total: 12 DAR items and 28 DIT items. Among the DAR items there were 0 worst items, 5 bad items, 7 good items, and 0 best items. Among the DIT items there were 6 worst items, 22 bad items, 0 good items, and 0 best items.

Below you will find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.
