Instagram Photo Flow Helps Hackers to Spy on Users
Instagram is again at the center of a scandal. This time, experts have discovered a vulnerability in an application that allows hackers to spy on the social network. They use a special code and control the camera and microphone of the user’s smartphone to do this.
As you know, Facebook owns Instagram and WhatsApp. Recently, a dangerous text bomb was spreading through this app. The bomb disrupted the entire messenger.
Instagram has long had a bad reputation in the security sphere. It is part of a Facebook company that has many technical holes in its security system. More than once users have encountered various problems and stories of data leaks from this service.
This time, hackers use a special malicious file that is sent via WhatsApp, SMS, email, etc. After this file is saved on the user’s device, when the user opens Instagram and selects the appropriate photo to upload to their profile, at the same time, this file will be transferred to the library of images and allows spying on the user on Instagram. The hacker gets access to all personal messages, photos, contacts, etc.
The security portal Check Point proved the information. According to the portal, this flaw in the app may cause the app to crash: users will not be able to open their profiles until the app is reinstalled on the device.
Recently, there was a huge Data Leak of Telegram User Base. If you didn’t know something about it, read the article and choose the real alternative to Telegram.
More about the bug
The vulnerability involves the photo flow process on Instagram. In this case, the app uses a specific open JPEG decoder that has been developed by Mozilla. It is called MozJPEG. Instagram uses it to process photos before publishing them.
The problem with this process was that the feature was incorrectly used on the platform, so that an integer overflow can occur with the read_jpg_copy_loop function during photo decompression.
Facebook has already stated that the bug was fixed, and this technical hole caused no serious damage. The bug has received a 7.8 severity score (out of 10) on the CVSS vulnerability assessment. It affected versions of the app up to 184.108.40.206.128. The vulnerability affects access to the microphone, camera, passwords, and other built-in tools.
By the way, the platform’s technical support notes that Instagram is not the only app that has technical vulnerabilities. A prime example is any mapping application that has access to the user’s location.
Signal PINs are in real danger. The popular messenger at risk. It’s high time to choose another reliable app for daily chatting.
How to protect yourself?
First, update the app as often as possible. Second, if you haven’t updated the app in the last 6 months, now is the time to do so. To do this, use only the official app stores for iOS and Android. In conclusion, for total peace of mind, look for other, safer social networks and systems.