Instagram Bug Let Hackers Spy On You By Sending Tweaked Images
Details of a bug on the Android and iOS Instagram app reveal that hackers could spy on you by uploading an image. Not only that, the bug could also cause Instagram to crash repeatedly until it is uninstalled and reinstalled.
Gal Elbaz of Check Point, said cybersecurity firm Bleeping computer on the problem. The Instagram bug was a vulnerability caused by embedding third-party code. This bug can allow hackers to send a specially edited image to your phone, designed to overwrite Instagram and spy on users.
How did this Instagram bug work?
It started with the hacker sending a corrupted image to your email or WhatsApp. If you saved this image, the bug has become active. Then when you open Instagram the bug started to do its job. Basically it was only able to crash the app multiple times, but in the hands of a seasoned hacker it can expose your entire phone.
An error was found in the function for managing image sizes, causing memory allocation problems or an integer overflow. This bug was also capable of corrupting your phone memory.
Instagram usually has access to critical phone functions. It can access storage, microphone, camera, as well as location. So, if a bug is carefully planted, the hacker can remotely control your phone, without you even knowing it.
Facebook fixed it
The bug was reported to Facebook by Check Point. It has been identified as a technique called a heap buffer overflow. This happens when Instagram tries to upload a large image, believing it to be a smaller size. In her report, Gal Elbaz explained how embedding third-party code can lead to remote execution risks, such as application crashes and spying.
In this case, an open-source image encoder, Mozjpeg had been identified as the weak point. The job of an image encoder here is to compress the images while maintaining their quality. Facebook previously fixed the problem and issued a security advisory about it. Check Point never discovered the limit at which the bug could be used to abuse user privacy, as Facebook fixed the issue.
The Instagram post Bug Let Hackers Spy On You By Sending Tweaked Images first appeared on Fossbytes.