Instagram App Bug Could’ve Given Hacker Remote Access to Your Phone

Ever wonder how hackers can hack your smartphone remotely?

- Advertisement -

In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram’s Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image.

What’s more worrisome is that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app—including spying on victim’s private messages and even deleting or posting photos from their accounts—but also execute arbitrary code on the device.

According to an advisory published by Facebook, the heap overflow security issue (tracked as  CVE-2020-1895 , CVSS score: 7.8) impacts all versions of the Instagram app prior to 128.0.0.26.128, which was released on February 10 earlier this year.

“This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enabling malicious manipulation of their Instagram profile,” Check Point Research said in an analysis published today.

Instagram

- Advertisement -

“In either case, the attack could lead to a massive invasion of users’ privacy and could affect reputations — or lead to security risks that are even more serious.”

Instagram App Bug Could've Given Hacker Remote Access to Your Phone
Instagram App Bug Could’ve Given Hacker Remote Access to Your Phone

After the findings were reported to Facebook, the social media company addressed the issue with a patch update released six months ago. The public disclosure was delayed all this time to allow the majority of Instagram’s users to update the app, thereby mitigating the risk this vulnerability may introduce.

Although Facebook confirmed there were no signs that this bug was exploited globally, the development is another reminder of why it’s essential to keep apps up to date and be mindful of the permissions granted to them.

Yaniv Balmas, the head of cyber research at Check Point, provided the following safety tips for smartphone users:

  1. Update! Update! Update!  Make sure you regularly update your mobile application and your mobile operating systems. Dozens of critical security patches are being shipped out in these updates every week, and each one can potentially have a severe impact on your privacy.
  2. Monitor permissions.  Pay better attention to applications asking for permission. It’s effortless for app developers to ask the users for excessive permissions, and it’s also very easy for users to click ‘Allow’ without thinking twice.
  3. Think twice about approvals.  Take a few seconds to think before you approve anything. Ask: “do I really want to give this application this kind of access, do I really need it?” if the answer is no, DO NOT APPROVE.

Also Read:

YOU MIGHT LIKE

PUBG Mobile India was Recently Registered as a Company and Launch Soon

PUBG Mobile is one of the leading mobile battle royale titles. The game has amassed a massive fan base worldwide and holds a special place...

Xiaomi India Black Friday sale

Xiaomi has announced that it will be holding a Black Friday sale in India, starting from November 26, which will go on till November...

YouTube 8K Streaming Support Reportedly Rolling Out to Select Android TV Users

YouTube is reportedly rolling out 8K streaming support for select Android TV users as part of the company’s plans to possibly bring the feature to all users everywhere. According...

Indian Government Bans 43 More Chinese Apps Including Ali Express

The Indian Government has today banned another 43 apps of Chinese origin under section 69A of the Information Technology Act. The news was released...

2FA bypass discovered in web hosting software cPanel

Security researchers have discovered a major security flaw in cPanel, a popular software suite used by web hosting companies to manage websites for their customers. The...

Leave A Reply

Please enter your comment!
Please enter your name here