Instagram Vulnerability Allowed Hackers Access to Control Your Phone

  • By Dawna M. Roberts
  • Published: Sep 29, 2020
  • Last Updated: Mar 18, 2022

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s code that not only allows hackers full access to your Instagram account but also your mobile device. 

How Does the Vulnerability Work?

Check Point Research evaluated Instagram security code for both iOS and Android platforms and found the issue on Android (named: CVE-2020-1895), an integer overflow that controls the dimensions of a JPEG file. It ties in with an open-source JPEG encoder library called MozJPEG integrated into Instagram to compress images efficiently. The vulnerable function in question is called (“readjpgcopy_loop”).

Using this bug in the code, hackers can manipulate the file size of a JPEG and when the code crashes, use that opportunity to overwrite the functions and control what the program does. Hackers could have easily exploited this error by sending the user a JPEG with malformed dimensions via email or WhatsApp to trigger the fault and then replace the code with a function of their own. 

The most alarming aspect of this vulnerability is that it allows hackers to target someone’s Instagram account and send commands to the mobile device accessing hardware or software components at will. The bug is as effective as any malware infection allowing cybercriminals to spy on the victim and access the most private areas of their phone. This intrusion is a gateway to identity theft and a serious invasion of privacy.

Since this heap overflow bug is tied to Instagram and the app’s permission allows access to the phone’s camera, microphone, photo library, contacts, GPS, and more, it leaves the user very vulnerable to all sorts of privacy violations and the loss of personal information.

What is Facebook Doing About It?

Check Point Research reported their findings and test results to Facebook, and the company quietly released a patch back in April to fix the issue. However, they did not announce it to users, and since some may not have updated the app, their phones could still be using the vulnerable code. 

Facebook confirmed they found no evidence that the vulnerability was used to exploit mobile devices on a large-scale event. However, this does not mean that hackers didn’t discover and use it to access personal data before the issue was fixed. 

According to an expert with Check Point Research, although “fuzzing the code” exposed this vulnerability and a few others within Instagram, it is possible and even likely that additional bugs exist that were not found, and hackers could potentially exploit them to take control. 

What Can You Do to Stay Safe?

If you are one of the 1 billion monthly Instagram users, update your app immediately. Make sure you have the most recent version. According to Facebook, this issue affects any version prior to 128.0.0.26.128. Some other tips to stay safe from identity theft are:

  • Update your mobile phone’s security and apply all patches as soon as they are available.
  • Consider installing anti-spyware or anti-malware software and running deep scans of your mobile device often.
  • Review all your app’s permissions and deny access whenever possible to limit your exposure.
  • Think before approving access to any program, app, or pop-up.
About the Author
IDStrong Logo

Related Articles

46,000 Veterans and 13 Community Care Providers Affected by a VA Data Breach

The Incident Early last week, the Department of Veteran Affairs (VA) was breached by an unknown c ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What You Need to Know about the Delta Dental Data Breach

What You Need to Know about the Delta Dental Data Breach

Delta Dental is a dental insurance provider serving over 90 million Americans. It offers coverage in all 50 states, Puerto Rico, and Washington, D.C. The company was established in 1966 in California as part of the Delta Dental Plans Association.

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close