Instagram patches security bug that would let hackers take over your smartphone

News
By Stephen Warwick
published

Instagram logo on phone
Instagram logo on phone (Image credit: Joe Maring / iMore)

What you need to know

  • Facebook has patched a major security flaw on Instagram.
  • Check Point Security discovered a flaw that would let hackers take over your smartphone using malicious code buried in a photo.
  • Fortunately, no one seems to have been affected by the exploit.

Facebook says it has patched a security issue within Instagram that would have allowed hackers to take control of a smartphone by simply sending a user a photo carrying malicious code.

According to Business Insider:

Cybersecurity researchers uncovered an Instagram vulnerability that would have enabled hackers to take over someone's smartphone and use it to spy on them by merely sending an image loaded with malicious code.The vulnerability was uncovered by Check Point Security in April, the firm announced this week. It has since been patched by Facebook, the company said in an advisory, meaning anyone with the latest version of the Instagram app is immune to the attack.

The vulnerability was reportedly very easy to exploit, and could have granted any potential hacker a "wide range of permissions". The execution was also quite simple:

The attack begins when a hacker sends an image loaded with malicious code to a target via email or through a messaging app like WhatsApp.If the target were to save the image to their phone and subsequently open Instagram, the hacker would gain full access to the user's Instagram account, as well as whatever functionalities Instagram can access, including the phone's microphone and camera.

Check Point's Yaniv Balmas warned people to "take the time" curating permissions that apps have on their devices and that whilst it may seem like a burden, it was one of the "strongest lines of defense" everyone has to protect against mobile cyber-attacks.

Facebook has patched the issue and says it was not aware of anyone abusing the exploit.

Stephen Warwick
Stephen Warwick
News Editor

Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9