Instagram says it has fixed a bug that would allow hackers take over targets' smartphones and spy on them just by sending a photo with malicious code (FB)
Summary List Placement
Cybersecurity researchers uncovered an Instagram vulnerability that would have enabled hackers to take over someone's smartphone and use it to spy on them by merely sending an image loaded with malicious code. The vulnerability was uncovered by Check Point Security in April, the firm announced this week. It has since been patched by Facebook, the company said in an advisory, meaning anyone with the latest version of the Instagram app is immune to the attack. But the vulnerability is notable because of how easily it can be carried out and the wide range of permissions it would grant a hacker. The attack begins when a hacker sends an image loaded with malicious code to a target via email or through a messaging app like WhatsApp. If the target were to save the image to their phone and subsequently open Instagram, the hacker would gain full access to the user's Instagram account, as well as whatever functionalities Instagram can access, including the phone's microphone and camera. "People need to take the time to curate each permission an application has on your device. This 'application is asking for permission' message may seem like a burden, and it's easy to just click 'Yes' and forget about it," Check Point head of cyber research Yaniv Balmas said in a statement to Business Insider. "But in practice this is one of the strongest lines of defense everyone has against mobile cyber-attacks." A Facebook spokesperson said in a statement that the vulnerability has been patched and that the company isn't aware of anyone abusing the exploit.Join the conversation about this story » NOW WATCH: We tested a machine that brews beer at the push of a button
More like this (3)
(Image credit: Tesla) ComputerWeekly has reported that a Belgian PhD student has managed to bypass the...(Image credit: Tesla) ComputerWeekly has reported that a Belgian PhD student has managed to bypass the security of a Tesla Model X using the Swiss Army Knife of hacker tools, a Raspberry Pi along with a modified key fob and a salvaged engine control unit (ECU). This vulnerability has forced Tesla to issue an over th...
Comp sci and cyber securityDating apps hold a treasure trove of information about their users which...Comp sci and cyber securityDating apps hold a treasure trove of information about their users which can make them an enticing target for malicious actors. On October 3, 2020, researchers (Wassime Bouimadaghene who found the vulnerability, and Troy Hunt who reported it) announced that they had found a security vulner...
Image via Alex Haney Facebook has filed a lawsuit today against two companies for creating and...Image via Alex Haney Facebook has filed a lawsuit today against two companies for creating and distributing malicious browser extensions that scraped user data without authorization from the Facebook and Instagram websites. Named in the lawsuit are BrandTotal Ltd., an Israeli-based company with a Delaware subsidiary...