Instagram iOS & Android app flaw allowed full account access to hackers

Instagram iOS & Android app flaw allowed full account access to hackers
 

Instagram is one social media platform that is used predominantly by millennials today taking over Facebook as well. As such, its security remains important today due to the vast amount of personal information that circulates the platform.


A vulnerability of course could be very critical in such circumstances. Keeping this in mind, recently, researchers from Checkpoint have come across a flaw in both Android and iOS operating apps which would allow attackers to take over user accounts and access/edit their messages, images, posts, followers list, and everything else that would be a part of the account.


See: Hacker finds ex-Aussie PM’s passport number using his Instagram post


In fact, they could even crash the app. This could lead to a serious privacy invasion for individuals along with data loss.


How the vulnerability could be exploited was through a simple malicious image that an attacker would send to a victim via any channel, be it the Instagram app itself, email, Whatsapp, or Facebook.

Once the user saved the image and then afterward opened the Instagram app, it would automatically grant the attacker access to the victim’s account. This could be termed as a Remote Code Execution (RCE) attack and alarmingly, it would even allow the attackers to perform functions not inherently available to users on Instagram.


It is worth noting that recently a hacker also exploited RCE vulnerability to hack into Facebook. Explaining, the researchers stated in their instagram android allowed account access hackers