How would you feel if you knew that a person could track all your movements because they hacked your phone or Instagram account?
How would you feel if you knew that a person could track all your movements because they hacked your phone or Instagram account?
Check Point Security uncovered the vulnerability in April, announcing it this week.
The vulnerability tracked as CVE-2020-1895 receives a CVSS score of 7.8 and affects all versions of Instagram app prior to 128.0.0.26.128.
How does it work?
1. A hacker sends an image which has a malicious code attached to the targeted individual through email or maybe Whatsapp.
2. If the person unwittingly saves the image to their phone, opens Instagram and attempts to upload the photo the hacker is granted full permission to access the person's Instagram account; including access to the phone's microphone and camera.
3. However, following the tests conducted by Check Point, it was found that sometimes attempting to upload a photo which included a malicious code would often crash the app.
Facebook has stated that it has patched up the vulnerability and is unaware of anyone who has abused it. If you have updated the Instagram app to its latest version, then you would be immune to the attack.
Precautions you can take to prevent phone hijacking:-
- "People need to take the time to curate each permission an application has on your device. This 'application is asking for permission' message may seem like a burden, and it's easy to just click 'Yes' and forget about it." Yaniv Balmas, the Check Point head of cyber research said in a statement to Business Insider.
- On apps like WhatsApp, all images received by a user are automatically stored in their camera roll by default. Changing the setting can prevent boobytrapped images from being saved into your camera roll.
This is due to a significant flaw in the way that Instagram handles photos.
The vulnerability was identified by scanning through a section of software that Instagram uses. Mozjpeg is a tool that helps process image files, and Instagram uses it to upload photos onto the application. A critical flaw in Mozjpeg's code enables hackers to pry into a user's phone and hijack it.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?