Instagram logo on phoneSource: Joe Maring / iMore

What you need to know

  • Facebook has patched a major security flaw on Instagram.
  • Check Point Security discovered a flaw that would let hackers take over your smartphone using malicious code buried in a photo.
  • Fortunately, no one seems to have been affected by the exploit.

Facebook says it has patched a security issue within Instagram that would have allowed hackers to take control of a smartphone by simply sending a user a photo carrying malicious code.

According to Business Insider:

Cybersecurity researchers uncovered an Instagram vulnerability that would have enabled hackers to take over someone's smartphone and use it to spy on them by merely sending an image loaded with malicious code.

The vulnerability was uncovered by Check Point Security in April, the firm announced this week. It has since been patched by Facebook, the company said in an advisory, meaning anyone with the latest version of the Instagram app is immune to the attack.

The vulnerability was reportedly very easy to exploit, and could have granted any potential hacker a "wide range of permissions". The execution was also quite simple:

The attack begins when a hacker sends an image loaded with malicious code to a target via email or through a messaging app like WhatsApp.

If the target were to save the image to their phone and subsequently open Instagram, the hacker would gain full access to the user's Instagram account, as well as whatever functionalities Instagram can access, including the phone's microphone and camera.

Check Point's Yaniv Balmas warned people to "take the time" curating permissions that apps have on their devices and that whilst it may seem like a burden, it was one of the "strongest lines of defense" everyone has to protect against mobile cyber-attacks.

Facebook has patched the issue and says it was not aware of anyone abusing the exploit.