Instagram Vulnerability Allowed Attackers to Hijack App, Spy on Users

Sep. 25, 2020



Researchers at cyber-security firm Check Point have detailed a major vulnerability in Instagram that could have allowed hackers to take over accounts with just one malicious image file. The remote code execution (RCE) vulnerability, which affected Instagram’s Android and iOS apps, was discovered earlier this year and was fixed after being reported by Check Point.

According to the researchers, the flaw allowed attackers to perform actions on behalf of the user within the Instagram app, including spying on the victim’s private messages and posting or deleting photos. As if that wasn’t bad enough, it also enabled hackers to execute arbitrary code on the device. The attackers could also have taken advantage of the extensive array of permissions to potentially turn people’s mobile phones into spying tools, said the report.

Describing the flaw, the researchers said that it was a heap buffer overflow that occurred when Instagram tried to upload a larger image believing it to be smaller. “When the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone’s contacts, camera and location data”, they said in an official blog post.
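The bug class described above, where a buffer is sized from what the code believes about an image while the data is actually larger, is avoided by tying the copy length to the allocation. The following C sketch is an added example, not code from Instagram or Check Point; the function names, the size cap and the raw-pixel payload are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum img_status { IMG_OK = 0, IMG_BAD_DIMS, IMG_SIZE_MISMATCH, IMG_NO_MEM };

/* Hypothetical cap on decoded size; pick one that fits the application. */
#define IMG_MAX_BYTES ((size_t)64 * 1024 * 1024)

/* Compute width * height * channels without wrapping. */
static int checked_image_size(uint32_t w, uint32_t h, uint32_t ch, size_t *out)
{
    if (w == 0 || h == 0 || ch == 0 || ch > 4)
        return 0;
    uint64_t px = (uint64_t)w * h;           /* 32 x 32 bits always fits in 64 */
    if (px > IMG_MAX_BYTES / ch)             /* rejects anything above the cap */
        return 0;
    *out = (size_t)(px * ch);
    return 1;
}

/*
 * Copy pixel data into a freshly allocated buffer.
 * The unsafe pattern is malloc(declared size) followed by
 * memcpy(dst, payload, payload_len): the copy length comes from the data,
 * the allocation from the header, and nothing ties the two together.
 */
enum img_status load_pixels(uint32_t w, uint32_t h, uint32_t ch,
                            const uint8_t *payload, size_t payload_len,
                            uint8_t **out, size_t *out_len)
{
    size_t need;
    *out = NULL;
    *out_len = 0;
    if (!checked_image_size(w, h, ch, &need))
        return IMG_BAD_DIMS;
    if (payload_len != need)                 /* larger or smaller than believed */
        return IMG_SIZE_MISMATCH;
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return IMG_NO_MEM;
    memcpy(buf, payload, need);              /* length bounded by the allocation */
    *out = buf;
    *out_len = need;
    return IMG_OK;
}
```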
