Instagram Had a Major Bug That Could Have Given Hackers Full Control of Your Account

Instagram reportedly had a major bug that could have allowed hackers to remotely gain full access to your account. A breach of this nature could have allowed anyone gaining access to read and manipulate your Instagram direct messages and post anything from your Instagram account. Making matters worse, the bug could have allowed attackers to also get access to your entire contacts list, along with your phone camera and location data. Thankfully, Check Point’s researchers detected and alerted Facebook about the bug earlier this year, which was then patched with critical urgency.

The bug in question lay in Instagram’s open-source JPEG image decoder, Mozjpeg. To carry out this remote hack, attackers simply sent Instagram users a JPEG image file. If unsuspecting users downloaded the file and opened the Instagram app again, the remote access tool (RAT) malware came into effect, and attackers could remotely escalate their privileges on the compromised device based on all the device permissions that Instagram has on it. For the app to function, Instagram typically requests access to the camera, user location, microphone, storage and more, all of which are believed to have been vulnerable to the flaw.


According to Check Point, once an account was compromised, the user’s Instagram app would keep crashing until the app was uninstalled with a full data erase and restored. Given the critical nature of the flaw, Facebook is said to have urgently issued a fix for this bug about six months ago. The flaw affected both the Android and iOS apps of Instagram, and was detected when Check Point researchers were exploring potential vulnerabilities in Instagram’s third-party project integrations, of which Mozjpeg was one.

Flaws such as these are increasingly common, particularly with the rising frequency of cyber attacks across all services. Recently, in light of increasing vulnerability disclosures, WhatsApp introduced a security disclosures page, where it will list key flaws that it has patched in the past. Given that Facebook, WhatsApp and Instagram work on similar principles, it remains to be seen if Instagram’s hierarchy decides to introduce a similar disclosure page as well.

