Major problem with Instagram: how you became a safe victim in front of hackers

Elections in the US: What is the importance of the Latino vote and how many can vote?

They are the first minority in the country. With a record 32 million qualified Hispanics, they will be key in Tuesday's elections.Hispanics are...

The consumption of adulterated alcohol already leaves 18 people dead in Honduras

The death of a 60-year-old man has raised this Friday to 18 the number of deaths in Honduras for consuming adulterated alcohol during the...

The mayor of a small American town used a face mask decorated with the Finnish flag

The US media NBC News flashed something very familiar to Finns. Namely, the mayor of Lordstown, a small town in Ohio Arno Hill...

Elections in the US: Trump and Biden’s plans for Argentina and Latin America

Interviews with Juan Cruz, former adviser to the president for the region, and Arturo Valenzuela, former collaborator of the Democratic candidate.Juan Cruz was director...

EU calls for in-depth WHO reform: proposals made by Health Ministers in 27 Member States

Health ministers from the 27 European states have reached a "unanimous agreement in favor of reforms" at the WHO, which needs to become "more...

In a report, Check Point researchers revealed details of a critical vulnerability in the Android app for Instagram. It would have allowed the attackers to take remote control over a targeted device just by sending a specially created image to the victims’ phones.

The problem not only allows hackers to perform actions on behalf of the user within the Instagram application, including spying on the victim’s private messages and even deleting or posting photos from their accounts, but can even execute code on the device.

The Instagram issue has been kept secret

right a message posted by Facebook, the security issue affects all versions of Instagram before “This vulnerability makes the device a tool to spy on targeted users without their knowledge, and allows malicious manipulation of their Instagram profile,” Check Point Research said in their analysis. “In both cases, the attack could lead to a massive invasion of user privacy and damage its reputation, or it could lead to even more serious security risks.”

After the findings were reported on Facebook, the company addressed the issue with an update released six months ago.

The disclosure has been delayed all this time to allow most Instagram users to update the app, thus reducing the risk that this vulnerability may introduce.

Hackers could access your phone applications

Conform Check Point, memory corruption vulnerability allows remote code execution that, given Instagram’s extensive permissions to access a user’s camera, contacts, GPS, photo gallery, and microphone, could be leveraged to perform any malicious action on infected device.

As for the error itself, it comes from the way Instagram integrated MozJPEG, causing an overload when the function in question tries to analyze a malicious image with specially created dimensions.

The consequence of such a vulnerability is that all a potentially malicious actor has to do is send a corrupt JPEG image to a victim via email or WhatsApp.

Once the recipient saves the image on the device and launches Instagram, the exploitation takes place automatically, giving the attacker full control over the application.

Although Facebook has confirmed that there were no signs that this bug has been exploited globally, the incident is a good reminder of the importance of constantly updating applications and taking into account the permissions you grant them.


Related Articles