In today’s world, virtual life has taken precedence over real life. This is more commonly seen among the teenagers who assume that the number of likes and shares on the profile picture on a social media account is directly proportional to the popularity and likability of that person. Our day now begins with a selfie of preparing pancakes for breakfast and ends with a goodnight pout. Social media websites and applications are reigning over your life.
Instagram is the latest buzz. It is relatively new, only six years old. However, in this short tenure, it has gathered 400 million subjects. It is a simple application for posting and sharing photos and videos. But it has us all addicted.
We all want to know how to hack an Instagram account.
Some of us curious souls want to know what it would be like to wear the shell of a celebrity. Instagram is particularly popular among celebrities. The platform itself has made it possible for some to earn celebrity status, with millions of followers across the world. We get to see small bits of their lives: we see them hanging out with their friends, we see them vacationing on an exotic island, we see them getting dressed beautifully for a date. Some notification or other keeps teasing us throughout the day. Some of us wonder what it would be like to switch identities, receive all the attention and admiration and get to know all the secrets.
Some want to know how to hack an Instagram account to keep track of their girlfriend’s activity on the platform or to know what their daughter might be hiding from them.
Hackers have nothing but good news in this regard. There are numerous methods by which Instagram can be hacked. Since its acquisition of Instagram, Facebook has been trying desperately to mend the loopholes in Instagram’s security. But hackers slip between its fingers to gain entry.
The innumerable security flaws, combined with a weak password policy, make Instagram a soft target for hackers. In fact, two-factor authentication was only recently introduced on this platform. Previously, Instagram has proven to be vulnerable to brute-force attacks and malicious code. Many of these bugs were reported and mended, but action has still not been taken against some.
An example of one such flaw was found by Carlos Reventlov in version 3.1.2 of the Instagram app on iPhone. He discovered that, apart from sensitive operations such as logging in and editing the profile, data transferred from the iOS app to Instagram was not encrypted. To take advantage of this, all a hacker has to do is get his hands on the cookie that is sent to the Instagram server when the victim starts the Instagram application on his iPhone. This enables the hacker to send special HTTP requests to obtain data and delete images. Intercepting the cookie is a relatively simple task if the hacker and victim are on the same Local Area Network. It can be achieved by a simple man-in-the-middle attack.
It does not stop there. The hacker can go on to access the images of anyone who is friends with the victim. He can edit data and delete photos as he wishes. It is possible to take it a few steps further and accomplish a complete takeover of an Instagram account by using a method known as Address Resolution Protocol (ARP) spoofing. If the victim and the hacker are on the same LAN, this method channels the victim’s web traffic through the hacker’s computer. The hacker can easily intercept the cookie in plain text. He can also modify the headers sent by the web browser during the data transmission to the Instagram servers. In doing so, the hacker will be able to sign in as the victim and alter the email address associated with his/her Instagram account.
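ARP spoofing of this kind leaves a trace in the victim's own ARP table: the gateway's IP suddenly maps to a different MAC, usually one that another LAN host already uses. The following is an added example, not part of the original article, that compares two `arp -an` style snapshots; the addresses and table dumps are constructed sample data.

```python
import re
from collections import defaultdict

# Matches resolved entries in `arp -an` style output; "<incomplete>" rows are skipped.
ARP_LINE = re.compile(r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>[0-9a-fA-F:]{17})")

def parse_arp(text):
    """Return {ip: mac} for every resolved entry in the table dump."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}

def find_spoofing(baseline, current, gateway_ip):
    """Compare two snapshots and return (kind, subject, detail) alerts."""
    alerts = []
    # Signal 1: an IP that was already known now answers with a different MAC.
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old and old != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            alerts.append((kind, ip, f"{old} -> {mac}"))
    # Signal 2: one MAC claims several IPs (typical when a host poses as the gateway).
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("duplicate-mac", mac, ",".join(sorted(ips))))
    return alerts

# Constructed snapshots: a trusted baseline and a later reading of the same LAN.
BASELINE = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at 66:77:88:99:aa:bb [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
"""
CURRENT = """\
? (192.168.1.1) at 66:77:88:99:AA:BB [ether] on eth0
? (192.168.1.23) at 66:77:88:99:aa:bb [ether] on eth0
"""

if __name__ == "__main__":
    for alert in find_spoofing(parse_arp(BASELINE), parse_arp(CURRENT), "192.168.1.1"):
        print(alert)
```

A duplicate MAC can also be legitimate (proxy ARP, a router holding several addresses), so treat it as a lead to check against the gateway's known hardware address rather than as proof.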
Another weakness of Instagram’s security that can be exploited by hackers is the OAuth vulnerability. This enables hackers to take over an Instagram account by taking advantage of either Instagram OAuth or Facebook OAuth. The redirect_uri parameter allows the user to go to the owner app domain. However, by applying a suffix trick to the owner app domain, a hacker can bypass Instagram OAuth and send the access token to their own domain. A successful hack allows the hacker to gain access to private photos, edit and delete comments made by the victim, and add and delete photos from the victim’s account.
The Instagram app is integrated with Facebook, allowing users to upload and share pictures simultaneously on the two platforms. The client_id value passed through Facebook OAuth can also be taken advantage of. Hackers have discovered that users can use any domain in the redirect_uri.next parameter. This is another way in which the hacker can steal the access token.
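Both OAuth weaknesses described above come down to how the authorization server validates redirect_uri. The following is an added example, not Instagram's or Facebook's code, that places a prefix-style check beside a strict one that compares the parsed scheme, host and path exactly and applies the same rule to a nested `next` URL; the client registration, parameter set and sample URIs are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed registration for a hypothetical client; not Instagram's real values.
REGISTERED = {("https", "app.example.com", "/oauth/callback")}
NESTED_URL_PARAMS = {"next", "redirect_uri"}  # parameters that carry a second URL

def weak_check(uri, domain="app.example.com"):
    """Flawed 'before' check: a prefix match also accepts a suffixed host."""
    return uri.startswith("https://" + domain)

def strict_check(uri, depth=0):
    """Hardened check: exact scheme/host/path, nested URLs held to the same rule."""
    try:
        u = urlsplit(uri)
        port = u.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # No userinfo and no non-default port in a registered callback.
    if u.username is not None or u.password is not None or port not in (None, 443):
        return False
    if (u.scheme, u.hostname, u.path) not in REGISTERED:
        return False
    for key, value in parse_qsl(u.query, keep_blank_values=True):
        # A nested URL must itself be a registered callback, one level deep at most.
        if key in NESTED_URL_PARAMS and (depth >= 1 or not strict_check(value, depth + 1)):
            return False
    return True

# Constructed sample requests: registered, suffixed host, foreign nested `next`.
SAMPLES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com.untrusted.test/oauth/callback",
    "https://app.example.com/oauth/callback?next=https://untrusted.test/",
]

def compare(samples=SAMPLES):
    """Return (uri, weak_result, strict_result) for each sample."""
    return [(s, weak_check(s), strict_check(s)) for s in samples]

if __name__ == "__main__":
    for uri, weak, strict in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {uri}")
```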
Another popular method that hackers use frequently is SQL injection. Through SQL injection, they gain entry into the database where user ids and associated passwords of all 400 million users of Facebook are stored. The password of the victim’s account can be obtained in an encrypted format. Decrypting is a piece of cake in the case of predictable passwords. Considering that the owner of Instagram, Zuckerberg himself, uses “dadada” as his LinkedIn and Pinterest password, it would be safe to assume that the chances of cracking the password are pretty high.
To hack the Instagram password of someone known to you is a much easier job. All you need is the power of persuasion and a piece of software called a keylogger, which comes in very handy in these situations. A keylogger stores everything that was typed on the device since it was switched on. If you can convince your victim to log in to their Instagram account from your PC or phone while the keylogger is running, you can obtain the password to your victim’s account. Since the password, without exception, follows the username, identifying it is not much of a job. There, you have unlimited access to the victim’s profile, to do with it as you please.