Social networks are full of holes and bugs, so it’s no surprise that Instagram has a critical flaw. Check Point experts found a loophole in the website. The mistake seems really serious. This is not a shortcoming. Instagram is a social network where photos and videos are uploaded. A characteristic feature of the application was the square shape given to the photos.
This is similar to the Kodak Instamatic series cameras, Polaroid instant cameras and 6 × 6 medium format cameras with a 4: 3 aspect ratio. Only on August 27, 2015 was it possible to place photos and videos in other image formats. The site was acquired by Facebook in August 2012. After a while, the rules were changed – the new rules indicate the possibility of selling users’ photos to third parties. This can already be a major abuse. However, it turned out that the gaps in the application make it even safer.
The number of Instagram users in the world has exceeded one billion a month.
It is estimated that about 200 million software users access the profile of at least one company every day. Interestingly, about 7 million Instagram users in Poland. In addition, 500 million (every second user) uses Stories. All of these people are at risk of data leakage. For some time now, social networking programs have become an increasingly common target of hacker attacks. However, the truth is that if they didn’t leak like Swiss cheese, they wouldn’t break. It seems that if it is responsible for a giant program like Facebook, security should be at the highest level. There can be nothing wrong. All of Mark Zuckerberg’s applications are constantly struggling with security issues.
It was Check Point experts who found a critical flaw in the Instagram application.
Through this hole, attackers can gain access to user credentials, phone contacts and space. This information was provided by Check Point. It is very interesting what the attack on Instagram looks like. According to experts, the attacker initially sent an e-mail to the victim, possibly a malicious file via WhatsApp, but there is no certainty about this. This loophole allowed the theft of the victim’s profile account. The vulnerability in the application allowed the so-called remote code execution (RCE), which allows hackers to perform any action in the program and use its permissions, threatens the privacy of millions of users around the world! The malicious file was an image file (image). After opening Instagram and displaying the uploaded photo, the malicious code uses the space to give the hacker full access to the victim’s messages and photos. This allowed the hacker to launch an attack. As a result, he was able to manage the victim’s account without their knowledge. In addition, it had access to the phone’s contacts, camera and user location information.
Instagram, the world’s most popular photo-sharing program, has a serious security vulnerability.
According to the report, Facebook has already fixed the error in the application. The weakness was in Mozjpeg, an open source JPEG decoder. Thanks to this module, the social networking program can download pictures and images from Facebook. Check Point experts quickly shared the results of the study with Facebook, and Facebook acknowledged the problem. The most ridiculous thing is that they called the vulnerability that caused the leakage of user data “buffer overflow.” However, the company has already eliminated the mistakes. The fixes are included in the latest versions of the application for all available platforms.
Yaniv Balmas, head of cyber research at Check Point, also decided to comment on the whole action with the Instagram application.
“Based on our research, we have come to two conclusions. First, third-party code in your application can be a serious threat. We encourage developers to check third-party code libraries. Third-party code is used in almost every application, so it is very easy to ignore the threat. Second, users need to be careful about the permissions they give to apps. I recommend that you think twice before allowing your application to access certain features or data on your device, as this may protect you from potential attacks. Experts advise users to regularly update their mobile applications and operating systems, to pay attention to applications that require permission.“- wrote the comment.
The Instagram application allows you to access the microphone, photos and videos.
It’s all because we have to upload resources to our profile and record the report. He has access to the camera. Thanks to Apple’s new feature in iOS 14, we can check it out. When you turn on some Instagram features, a dot appears in the upper right corner (just above the network coverage icon). Therefore, before granting certain permissions to the application, it is worth thinking about whether you want to do it and what the consequences may be. As you can see, it’s not just small programs that have security problems. This also happens in the IT market giants. It is also worth updating the application and the operating system used regularly. This will allow you to protect yourself from dangers while the adjustments are made by the developers.