• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
iGuRu

iGuRu

Real-time Technology News. Opinions & Tweaks

  • / news
  • / infosec
  • / tools
  • / tweaks
  • / dummies
  • / opinions
  • / support
  • / yourpost
home / News / Hacking Instagram by sending an image!

Hacking Instagram by sending an image!

25/09/2020 08:01 by Anastasis Vasileiadis

Technical details about a high-vulnerability in Facebook's Instagram app for Android and iOS show how a malicious user could exploit it to take full control of the victim's account.

instagram hack 800x420 1 - Hacking Instagram by sending an image!

For this technique to work, the malicious user will need to send a specially crafted image to the target via a shared messaging platform or via email.

The issue was how to analyze images from Instagram, as long as the application has access to it to display it as an option in a post. Then the vulnerability would start by allowing dangerous actions.

Technically, vulnerability is a buffer overflow (CVE-2020-1895) that happens when Instagram tries to upload a bigger image believing it is smaller.

Facebook fixed the problem in the spring, after the revelation of the company Check Point and issued security tips to deal with it.

In a detailed technical report today, Gal Elbaz of Check Point points out how custom third-party code implementation on Instagram could lead to serious, remote code execution risks.

The weak point, in this case, was a fixed hardcoded value added by Instagram developers when integrating Mozjpeg, an open source JPEG encoder that Mozilla configured with libjpeg-turbo for better JPEG compression.

Check Point started checking Mozjpeg for possible defects that could be exploited in a meaningful way. The purpose was to find out if Instagram could be influenced by the library.

They found that the function that handles image sizes when analyzing JPEGs had an error that caused memory allocation problems during the decompression process.

Screenshot 2020 09 25 Instagram bug allowed crashing the app via image sent to device - Hacking Instagram by sending an image!

This could be used to damage memory, which can have dangerous consequences. At best, this type of error could throw Instagram, but if exploitable, it can lead to critical risks.

According to Check Point, Instagram has extensive permissions on the device, which include access to contacts, storage, device location, camera and microphone.

So in addition to checking the device owner's Instagram, a hacker could use the device as a spy tool without suspicion.

Hacking Instagram by sending an image! was last modified: 25 September, 2020, 8: 01 am by Anastasis Vasileiadis

spread the news

  • Facebook
  • Twitter
  • Reddit
  • Printing
  • Email

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News


Competition: Newstag: Instagram

You May Also Like

Facebook Instagram & WhatsApp will see companies split
Instagram automatic censorship with AI
Facebook connects Messenger with Instagram

About Us Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Previous Post: « Windows 10 20H2 What we know so far
Next Post: Windows XP The source code has been leaked to the internet »

Reader Interactions

Comment Policy:

IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators


Leave your comment
Ακύρωση απάντησης

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

 

 © 2021 · iGuRu.gr · ☢ · Keep It Simple Stupid Genesis theme

about  ·   get in touch  ·  rss  ·  sitemap  ·  cough

loading Cancel
Could not post post - check your email address!
Email verification failed, please try again
Your blog can not post posts via email.