The bug would have allowed a bad actor to take over a user’s smartphone by sending a photograph carrying malicious code.
The vulnerability was discovered by Check Point Security back in April. Facebook has claimed that they patched the vulnerability and that no one had abused the exploit. Users who haven’t updated Instagram are strongly encouraged to do so, to be safe.
It was especially noteworthy because it highlighted how easily a hacker could take over a user’s personal device, such as an iPhone.
A hacker could simply send an image loaded with malicious code to a potential victim via email or through a messaging service like Facebook Messenger or WhatsApp.
If the photo were to be stored on the user’s device — a feature that WhatsApp automatically does by default — and the user opened Instagram, a hacker would be given full control of the user’s Instagram account. Additionally, they could control a user’s camera and microphone remotely through the exploit.
- Report reveals Twitter hackers lured employees to give up VPN credentialsThe attackers that hacked Twitter in July pretended to call from Twitter’s IT department about a VPN issue, then persuaded employees to enter their credentials into a website that looked identical to the real VPN login site. The claims by the hackers were credible – and successful – because Twitter’s employees were all using VPN … Read More
- ‘Name And Shame’ Mobile Money Fraudsters In The Media! – Mr. Oppong, BoGMr Kwame Agyapong Oppong, Head of Fintech and Innovation, Bank of Ghana has called for the publication of names of mobile money fraudsters in the media. He said that was the only way to ‘name and shame’ the fraudsters and deter others from the illegal activity. Mr Oppong made the call at a workshop on … Read More
- Cyber criminals use stolen data and hacking tools as prizes in games and rap battlesSome people have turned to baking sourdough bread or participating in TikTok challenges during the coronavirus lockdown. Cybercriminals have put their own spin on passing time with online rap battles, poker tournaments, poem contests, and In-person sport tournaments. The twist is that the prize for winning these competitions is sometimes stolen data and tools to … Read More
- APT Hackers exploit Netlogon flaw to attack U.S government networksCISA issued an alert stating those government networks that were targeted by the APT were close to election systems and the activity may pose some risk to those systems. Advanced persistent threat actors are exploiting well-known legacy vulnerabilities against U.S. government networks, which could pose a risk to election systems. The FBI and the Cybersecurity … Read More
- Microsoft awards GHC2,245,800 in bounties to researchers for finding vulnerabilities in Azure SphereSince 2003, the month of October has been recognized as National Cybersecurity Awareness month and after a three-month research challenge which dovetailed into the beginning of October, Microsoft finally awarded GHC2,245,800 to the global IoT security research community for finding vulnerabilities in Azure Sphere. In what Microsoft dubbed the Azure Sphere Security Research Challenge, 70 researchers from … Read More
The vulnerability serves as a reminder for users to routinely check what permissions apps have, especially any app that can control a device’s camera or microphone.
“People need to take the time to curate each permission an application has on your device. This ‘application is asking for permission’ message may seem like a burden, and it’s easy to just click ‘Yes’ and forget about it,” Check Point head of cyber research Yaniv Balmas said in a statement to Business Insider. “But in practice this is one of the strongest lines of defense everyone has against mobile cyber-attacks.”
Instagram was recently reported to be seemingly activating the camera and microphone indicators during times when the user was generally browsing the app’s feed, and not actively requiring the use of the camera or microphone. The company had claimed that it was a bug and that they were working to patch it.
Facebook, the parent company of Instagram, had recently been accused of spying on Instagram users through unauthorized use of iPhone cameras, according to a lawsuit recently filed. It isn’t clear if this fix is related to the suit.