Instagram patches bug that allowed hackers to take over users' phones

Posted:
in General Discussion
The bug would have allowed a bad actor to take over a user's smartphone by sending a photograph carrying malicious code.

Instagram patches bug that allowed hackers to take over users' phones


The vulnerability was discovered by Check Point Security back in April. Facebook has claimed that they patched the vulnerability and that no one had abused the exploit. Users who haven't updated Instagram are strongly encouraged to do so, to be safe.

It was especially noteworthy because it highlighted how easily a hacker could take over a user's personal device, such as an iPhone.

A hacker could simply send an image loaded with malicious code to a potential victim via email or through a messaging service like Facebook Messenger or WhatsApp.

If the photo were to be stored on the user's device -- a feature that WhatsApp automatically does by default -- and the user opened Instagram, a hacker would be given full control of the user's Instagram account. Additionally, they could control a user's camera and microphone remotely through the exploit.

The vulnerability serves as a reminder for users to routinely check what permissions apps have, especially any app that can control a device's camera or microphone.

"People need to take the time to curate each permission an application has on your device. This 'application is asking for permission' message may seem like a burden, and it's easy to just click 'Yes' and forget about it," Check Point head of cyber research Yaniv Balmas said in a statement to Business Insider. "But in practice this is one of the strongest lines of defense everyone has against mobile cyber-attacks."

Instagram was recently reported to be seemingly activating the camera and microphone indicators during times when the user was generally browsing the app's feed, and not actively requiring the use of the camera or microphone. The company had claimed that it was a bug and that they were working to patch it.

Facebook, the parent company of Instagram, had recently been accused of spying on Instagram users through unauthorized use of iPhone cameras, according to a lawsuit recently filed. It isn't clear if this fix is related to the suit.

Comments

  • Reply 1 of 6
    badmonkbadmonk Posts: 1,327member
    Yes another reason why everyone should think about deprecating the use of Facebook, What’s App and Instagram from their lives.  From the article it sounds like the photo is first transmitted from outside of the IG app and needs to be stored on your device to work.
    watto_cobra
  • Reply 2 of 6
    Why why why is there not an alternative to instagram
    JinTechwatto_cobra
  • Reply 3 of 6
    sflocalsflocal Posts: 6,123member
    It was especially noteworthy because it highlighted how easily a hacker could take over a user's personal device, such as an iPhone


    If the photo were to be stored on the user's device -- a feature that WhatsApp automatically does by default -- and the user opened Instagram, a hacker would be given full control of the user's Instagram account. Additionally, they could control a user's camera and microphone remotely through the exploit.


    This is NOT taking over a user's iPhone.  This is a bug in Instagram that allows someone to take over a user's Instagram account.  Big difference.

    It's frustrating when "news" turns out to be clickbait.  AI needs to be better than going this route.
    muthuk_vanalingamwatto_cobra
  • Reply 4 of 6
    JinTechJinTech Posts: 1,053member
    sflocal said:
    It was especially noteworthy because it highlighted how easily a hacker could take over a user's personal device, such as an iPhone


    If the photo were to be stored on the user's device -- a feature that WhatsApp automatically does by default -- and the user opened Instagram, a hacker would be given full control of the user's Instagram account. Additionally, they could control a user's camera and microphone remotely through the exploit.
    It's frustrating when "news" turns out to be clickbait.  AI needs to be better than going this route.
    But then AI won't get the click... but I do agree with you.
    watto_cobra
  • Reply 5 of 6
    MplsPMplsP Posts: 4,004member
    So if this was discovered last April, why did it take Instagram/Facebook 5 months to patch it?
    watto_cobra
Sign In or Register to comment.