Instagram for Android contained a vulnerability that allowed hackers to delve into victims’ accounts, by using a simple trick to gain access…
A major bug in the Android app for Instagram could have given hackers the ability to take control over target devices remotely, security researches at Check Point reveal. In order to secure access to victims’ phones, hackers only needed to use a very simple and slight trick. Once used, the bad actors could do a number of things, including taking actions on behalf of victims’ accounts.
Major Instagram Bug gave Hackers Remote Access to Users’ Phones
The vulnerability affected all versions of the Instagram app prior to release 18.104.22.168.128, which rolled out to the public on February 10th earlier this year, according to a Facebook advisory. “This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enabling malicious manipulation of their Instagram profile,” Check Point Research writes in an analysis of the issue.
The problem was reported to Facebook and the company quickly applied a patch in a update release that went out about six months ago. Facebook delayed the public disclosure in order to allow the majority of Instagram’s Android users to update the application, thereby mitigating the risk.
That’s good news, considering hackers could take control over a device by simply sending potential victims specialty crafted images. What’s more, hackers could access victims’ private messages and even delete or publish posts to victims’ profiles. Worse yet, execute arbitrary code on victims’ devices.