Instagram Vulnerability Allowed Hackers Access to Control Your Phone

  • By Dawna M. Roberts
  • Published: Sep 29, 2020
  • Last Updated: Mar 18, 2022

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s code that not only allows hackers full access to your Instagram account but also your mobile device. 

How Does the Vulnerability Work?

Check Point Research evaluated Instagram security code for both iOS and Android platforms and found the issue on Android (named: CVE-2020-1895), an integer overflow that controls the dimensions of a JPEG file. It ties in with an open-source JPEG encoder library called MozJPEG integrated into Instagram to compress images efficiently. The vulnerable function in question is called (“readjpgcopy_loop”).

Using this bug in the code, hackers can manipulate the file size of a JPEG and when the code crashes, use that opportunity to overwrite the functions and control what the program does. Hackers could have easily exploited this error by sending the user a JPEG with malformed dimensions via email or WhatsApp to trigger the fault and then replace the code with a function of their own. 

The most alarming aspect of this vulnerability is that it allows hackers to target someone’s Instagram account and send commands to the mobile device accessing hardware or software components at will. The bug is as effective as any malware infection allowing cybercriminals to spy on the victim and access the most private areas of their phone. This intrusion is a gateway to identity theft and a serious invasion of privacy.

Since this heap overflow bug is tied to Instagram and the app’s permission allows access to the phone’s camera, microphone, photo library, contacts, GPS, and more, it leaves the user very vulnerable to all sorts of privacy violations and the loss of personal information.

What is Facebook Doing About It?

Check Point Research reported their findings and test results to Facebook, and the company quietly released a patch back in April to fix the issue. However, they did not announce it to users, and since some may not have updated the app, their phones could still be using the vulnerable code. 

Facebook confirmed they found no evidence that the vulnerability was used to exploit mobile devices on a large-scale event. However, this does not mean that hackers didn’t discover and use it to access personal data before the issue was fixed. 

According to an expert with Check Point Research, although “fuzzing the code” exposed this vulnerability and a few others within Instagram, it is possible and even likely that additional bugs exist that were not found, and hackers could potentially exploit them to take control. 

What Can You Do to Stay Safe?

If you are one of the 1 billion monthly Instagram users, update your app immediately. Make sure you have the most recent version. According to Facebook, this issue affects any version prior to Some other tips to stay safe from identity theft are:

  • Update your mobile phone’s security and apply all patches as soon as they are available.
  • Consider installing anti-spyware or anti-malware software and running deep scans of your mobile device often.
  • Review all your app’s permissions and deny access whenever possible to limit your exposure.
  • Think before approving access to any program, app, or pop-up.
About the Author
IDStrong Logo

Related Articles

46,000 Veterans and 13 Community Care Providers Affected by a VA Data Breach

The Incident Early last week, the Department of Veteran Affairs (VA) was breached by an unk ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What to Do if Your Credit Card is Lost or Stolen

What to Do if Your Credit Card is Lost or Stolen

Credit and debit cards have become the most prominent form of wealth access in the last decade. Once consumers pulled out thick wallets of cash—they now pull out thin clips of cards—if they bother using a card, not a watch or cellphone.

Credit Card CVV Number: Meaning and Security

Credit Card CVV Number: Meaning and Security

Inspect your credit card, and you'll likely find interesting—and crucial—elements of the plastic rectangle. The front might display the provider's name, a chip, some digits, or an entire card number; the back might hold much the same, along with a signature, when necessary, and a "valid thru [sic]" date.

The Meaning of Two-Factor Authentication (2FA): How to Turn On and Turn Off

The Meaning of Two-Factor Authentication (2FA): How to Turn On and Turn Off

Cyber attacks are a growing threat to all industries, nations, and people. They occur with increasing frequency, with the last year reporting 3,205 data compromises and over $12.5 billion in projected losses, according to the Federal Bureau of Investigation (FBI).

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address