Instagram App Bug Could've Given Hackers Remote Access to Your Phone


By MYBRANDBOOK


Instagram App Bug Could've Given Hackers Remote Access to Your Phone

There is a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image, as per Check Point Research. The concern is on , that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app-including spying on victim's private messages and even deleting or posting photos from their accounts-but also execute arbitrary code on the device.

 

The bug in question lay in Instagram’s open source JPEG image decoder, Mozjpeg. To carry out this remote hack, attackers simply sent Instagram users a JPEG image file. If unsuspecting users downloaded the file and open the Instagram app again, the remote access tool (RAT) malware come into effect, and attackers could remotely escalate their privilege on the compromised device based on all the device permissions that Instagram has on it. For the app to function, Instagram typically takes access for camera, user location, microphone, storage and more, all of which are believed to have been vulnerable to the flaw.

 

According to Check Point, once an account was compromised, the user’s Instagram app would keep crashing, until the app would be uninstalled with a full data erase, and restored. Giving the critical nature of the flaw, Facebook is said to have urgently issued a flaw for this bug about six months ago. The flaw affected both the Android and iOS apps of Instagram, and was detected when Check Point researchers were exploring potential vulnerabilities in Instagram’s third party project integrations – of which Mozjpeg was one of them.

 

Flaws such as these are increasingly common, particularly with an increasing frequency of cyber attacks across all services. Recently, in light of increasing vulnerability disclosures, WhatsApp introduced a security disclosures page, where it will lay down key flaws that have been patched by them in the past. Given that Facebook, WhatsApp and Instagram work with similar principles, it remains to be seen if Instagram’s hierarchy decides to introduce a similar disclosure page as well.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org