Unlike older generations, ours is the one in which online socialization started and spread so widely that it is now uncommon not to be on social media. Facebook trended for years, but after the launch of Instagram people started shifting to it, perhaps because of the handy options and the easier, trendier style that Instagram offered its users. Even though people are still hooked on Facebook, the craze has surely shifted to Instagram. But now something has happened. Yes, the most used social media application, Instagram, might not be safe.
What’s up with Instagram?
A crucial flaw in Instagram that could lead to remote code execution and the hijacking of mobile cameras, microphones, and much more has been patched by Facebook.
The flaw gives an attacker “the ability to take over a victim’s Instagram account and turn their phone into a spying tool”, experts said.
Instagram is one of the most used social media sites. People use it to socialize, build friendships, encourage each other, and do business, and its security and privacy policies encourage users to trust and use it. But lately, troubling news about Instagram’s security has arisen. The latest discovery by Check Point is a bug through which hackers may use an image file to reach all your direct messages and the posts on your account, and can even track down your location from your Instagram.
According to Check Point, if an account is corrupted, the user’s application will keep failing until it is uninstalled and recovered with a full data erase. Facebook had already acted on this bug six months earlier, recognizing the nature of the case. Instagram applications on Android as well as iOS were affected by the bug. Check Point noticed this major bug while its researcher was investigating possible bugs in the app.
“A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 220.127.116.11.128,” the advisory says.
“We’ve fixed the issue and haven’t seen any evidence of abuse,” Facebook said. “We’re thankful for Check Point’s help in keeping Instagram safe.”
What does the bug do exactly?
“Technically speaking, the issue itself was a buffer overflow and it is caused by sending a picture with a large size, while fooling the application into believing it’s much smaller. This causes an overwrite and lets us do our magic” – Check Point
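The size mismatch Check Point describes can be shown in a few lines of C, with the unsafe size calculation beside a checked one. This is an added example, not code from Instagram, Mozjpeg or Check Point; it assumes the pixel buffer size is computed as width × height × channels in 32-bit arithmetic, and the function names, limits and sample dimensions are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical decoder-side limits; real values depend on the application. */
#define MAX_DIMENSION   16384u
#define MAX_PIXEL_BYTES (256u * 1024u * 1024u)

/* Unsafe pattern: the byte count is computed in 32-bit arithmetic, so a
 * large product wraps around and the buffer ends up far smaller than the
 * pixel data the decoder will later write into it. */
static uint32_t naive_buffer_size(uint32_t width, uint32_t height,
                                  uint32_t channels)
{
    return width * height * channels;   /* wraps modulo 2^32 */
}

/* Hardened pattern: validate each dimension, multiply in 64 bits, and
 * refuse anything over the cap. Returns 0 on success, -1 on rejection. */
static int checked_buffer_size(uint32_t width, uint32_t height,
                               uint32_t channels, size_t *out)
{
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return -1;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return -1;
    uint64_t total = (uint64_t)width * height * channels;
    if (total > MAX_PIXEL_BYTES)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from the advisory. */
    uint32_t w = 40000, h = 40000, c = 3;
    size_t safe = 0;

    printf("true size : %llu bytes\n", (unsigned long long)w * h * c);
    printf("naive size: %u bytes\n", naive_buffer_size(w, h, c));
    printf("checked   : %s\n",
           checked_buffer_size(w, h, c, &safe) == 0 ? "accepted" : "rejected");
    return 0;
}
```
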
The root of the problem was Mozjpeg, the open-source JPEG image decoder used in the applications. To carry out the attack, hackers literally just give Instagram users a JPEG picture file. Then, if users do not realize this and open the file, then update and restart the program, the RAT (remote access tool) malware comes into play and the hackers gain access to the users’ accounts. Anything the app is allowed to access, including location, photos, details, etc., becomes insecure.
“A crafted image file can contain a payload able to harness Instagram’s extensive permissions list on a mobile device, granting access to any resource in the phone that is pre-allowed by Instagram,” the team says.
“The vulnerability would have given the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will,” researchers said.
Check Point cybersecurity researchers said on Thursday in a blog post that sending a single malicious picture would be enough to take over your Instagram account. If a crafted picture is sent by mail, WhatsApp, SMS, or some other messaging channel and is then stored on the target’s device, an attack can be activated. Whether the image is stored locally or remotely, just opening Instagram afterwards would be enough to activate the malicious code.
“At the most basic level, the exploitation could be used to crash a user’s Instagram app, denying them access to the app until they delete it from their device and re-install it, causing inconvenience and possible loss of data,” Check Point added.
Check Point’s Yaniv Balmas said: “People need to take the time to check the permissions an application has on your device. This ‘application is asking for permission’ message may seem like a burden, and it’s easy to just click ‘Yes’ and forget about it. But in practice this is one of the strongest lines of defense everyone has against mobile cyber-attacks, and I would advise everyone to take a minute and think, ‘do I really want to give this application access to my camera, my microphone, and so on?’”
What should I do?
Received a message with an image or file attached? First thing: don’t open it! Your phone could be at risk!
This bug is terrible. But unless you save the photos you get in the texts, it won’t ruin your device. Just seeing the image on Instagram or WhatsApp will not be enough to cause the hack. Instagram has also issued a patch for the bug that can be downloaded now. Updating the software eliminates the problem from your device entirely, and malicious images will no longer have harmful consequences.
Users who have not updated their application to the most recent version could still be exposed. So check your version of Instagram on your devices and, if it is not the latest version, make sure you update it as soon as possible. You don’t want to risk your account being hacked, do you?