Skip to main content

Instagram says it has fixed a bug that would allow hackers take over targets' smartphones and spy on them just by sending a photo with malicious code (FB)

Instagram ReelsCHRIS DELMAS/AFP via Getty Images

Summary List Placement

Cybersecurity researchers uncovered an Instagram vulnerability that would have enabled hackers to take over someone's smartphone and use it to spy on them by merely sending an image loaded with malicious code.

The vulnerability was uncovered by Check Point Security in April, the firm announced this week. It has since been patched by Facebook, the company said in an advisory, meaning anyone with the latest version of the Instagram app is immune to the attack.

But the vulnerability is notable because of how easily it can be carried out and the wide range of permissions it would grant a hacker. The attack begins when a hacker sends an image loaded with malicious code to a target via email or through a messaging app like WhatsApp.

If the target were to save the image to their phone and subsequently open Instagram, the hacker would gain full access to the user's Instagram account, as well as whatever functionalities Instagram can access, including the phone's microphone and camera.

"People need to take the time to curate each permission an application has on your device. This 'application is asking for permission' message may seem like a burden, and it's easy to just click 'Yes' and forget about it," Check Point head of cyber research Yaniv Balmas said in a statement to Business Insider. "But in practice this is one of the strongest lines of defense everyone has against mobile cyber-attacks."

A Facebook spokesperson said in a statement that the vulnerability has been patched and that the company isn't aware of anyone abusing the exploit.

NOW WATCH: Why babies can't eat honey

See Also:

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.