Instagram, a huge photo-sharing platform with 2 billion active users per month, was susceptible to attack by hackers.
It sounds surprising, but it really happened.
An attacker could take over your Instagram account just by sending a malicious image.
This was possible because of a vulnerability known in technical terms as Remote Code Execution (RCE).
This vulnerability allows the attackers to gain access to your Instagram account.
The attacker does this by sending malicious images. Hackers can deliver these malicious images through WhatsApp, Email, or any other platform.
Once the photo is saved on your phone, the attacker gains access to your Android or iOS device, which can then easily be used as a spying tool.
You might be wondering how an attacker can take over your whole device instead of only Instagram.
This is because of the permissions granted to the Instagram app.
Instagram has access to your camera, microphone, GPS data, and more.
That’s why an attacker can not only delete your photos and read your messages through Instagram but also spy on you through the camera.
Only a few apps are granted such permissions.
These strict permissions eliminate the possibility of attacks.
What made Instagram vulnerable to attack?
According to Check Point, the vulnerability stems from Instagram's use of third-party libraries.
Most developers these days rely on them. Third-party libraries perform tasks such as image processing, sound processing, and network connectivity.
This frees developers from minor issues and lets them spend their time on coding.
Yaniv Balmas, head of cyber research, alerted developers about the use of third-party libraries.
“Third-party code libraries can be a serious threat. We strongly urge developers of software applications to vet the third-party code libraries they use to build their application infrastructures and make sure their integration is done properly,” said Balmas.
“Third-party code is used in practically every single application out there, and it’s very easy to miss out on serious threats embedded in it. Today it’s Instagram, tomorrow – who knows?” he added.
“The vulnerability found was the way that Instagram used Mozjpeg – an open-source project used by Instagram as its JPEG format image decoder for images uploaded to the service,” say the researchers at Check Point.
Security recommendations for Android and iOS users by Yaniv Balmas
Yaniv Balmas stressed that users must update to the latest version in order to be protected.
He also emphasized that when installing any app, users must think carefully before granting it permission to use the camera.
“I would advise everyone to take a minute and think, do I really want to give this application access to my camera, my microphone, and so on?” he said.
Facebook resolved this issue six months ago; it is only being publicized now that people have updated to the latest version.
So keep your apps updated, check permissions before granting them, and keep asking yourself: do I really need this?