Published 17:03 IST, September 26th 2020

Instagram bug could have given hackers access to our accounts; now fixed

Instagram had a critical vulnerability that could have given hackers access to anyone's account and could have turned the victim's phone into a spying tool.

Reported by: Vishal Tiwari
Follow: Google News Icon
  • share
null | Image: self
Advertisement

The Instagram app had a critical vulnerability that could have given hackers access to anyone's account and could have turned the victim's phone into a spying tool. Check Point researchers discovered the bug and reported it to Facebook earlier this year following which the social media giant fixed it. Since the Instagram app has very extensive permissions, the vulnerability may have allowed an attacker to gain access to GPS data, camera, microphone, contacts, and more.

Read: US: Hacked Software Provider Acknowledges Ransomware Attack

Advertisement

What was the problem?

Most app developers do not write the entire application on their own. If app developers write an entire application by themselves it would take years, so they use third-party libraries to handle common tasks such as image processing, sound processing, network connectivity, etc. This frees the developers to handle only the coding tasks, which represent the apps core business logic. Check Point was conducting research to examine if these third-party libraries used by Instagram are safe and trustworthy. 

Read: Hacked Software Provider Won't Say If Ransomware Involved

Advertisement

Check Point researchers found that Instagram used Mozjpeg, an open-source project used as a JPEG format image decoder for uploading images, had a bug that could have allowed hackers to gain access to users' mobile phones. An attacker can simply send an image to their target victim via email, WhatsApp, or another media exchange platform and when the target user saves the image on their handset, and open the Instagram app later, the exploitation takes place, allowing the attacker full access to any resource in the phone that is pre-allowed by Instagram.

Read: US Judge Sentences British National To 5 Years In Prison For Hacking

Advertisement

"The patch for this vulnerability has already been available for 6 months prior to this publication, giving time to the majority of users to update their Instagram applications, thus mitigating the risk of this vulnerability being exploited. We strongly encourage all Instagram users to ensure they are using the latest Instagram app version and to update if any new version is available," Check Point said in a release. 

Read: Chinese Hackers Continue To Target US COVID-19 Research, Warns FBI Director
 

Advertisement

17:03 IST, September 26th 2020