Published 17:03 IST, September 26th 2020
Instagram bug could have given hackers access to our accounts; now fixed
Instagram had a critical vulnerability that could have given hackers access to anyone's account and could have turned the victim's phone into a spying tool.
The Instagram app had a critical vulnerability that could have given hackers access to anyone's account and could have turned the victim's phone into a spying tool. Check Point researchers discovered the bug and reported it to Facebook earlier this year following which the social media giant fixed it. Since the Instagram app has very extensive permissions, the vulnerability may have allowed an attacker to gain access to GPS data, camera, microphone, contacts, and more.
What was the problem?
Most app developers do not write the entire application on their own. If app developers write an entire application by themselves it would take years, so they use third-party libraries to handle common tasks such as image processing, sound processing, network connectivity, etc. This frees the developers to handle only the coding tasks, which represent the apps core business logic. Check Point was conducting research to examine if these third-party libraries used by Instagram are safe and trustworthy.
Check Point researchers found that Instagram used Mozjpeg, an open-source project used as a JPEG format image decoder for uploading images, had a bug that could have allowed hackers to gain access to users' mobile phones. An attacker can simply send an image to their target victim via email, WhatsApp, or another media exchange platform and when the target user saves the image on their handset, and open the Instagram app later, the exploitation takes place, allowing the attacker full access to any resource in the phone that is pre-allowed by Instagram.
"The patch for this vulnerability has already been available for 6 months prior to this publication, giving time to the majority of users to update their Instagram applications, thus mitigating the risk of this vulnerability being exploited. We strongly encourage all Instagram users to ensure they are using the latest Instagram app version and to update if any new version is available," Check Point said in a release.
Updated 17:03 IST, September 26th 2020