Blogs -

Read The Blogs from

Instagram bug opened hackers spy gate

04 November, 2020 - By

Details of a bug on Instagram Android and iOS app reveal that hackers could spy on you by sending an image. Not just this, the bug could also lead to Instagram repeatedly crashing till uninstalled and re-installed.

Gal Elbaz from Check Point, a cybersecurity company told Bleeping Computer about the issue. The Instagram bug was a vulnerability caused by third-party code integration. This bug can let hackers send a specifically tweaked image to your phone, designed to crush Instagram and spy on users.

How Did This Instagram Bug Work?

It started with the hacker sending a corrupted image on your email or WhatsApp. If you saved that image, the bug became active. Then, when you open Instagram, the bug started doing its work. Basically, it was capable of only crashing the app multiple times, but in the hands of a seasoned hacker, it may expose your entire phone.

Image of the function causing the Instagram bug. Image credits: Bleeping Computers

An error was found in the function handling image sizes, leading to memory allocation problems or integer overflow. This bug was capable of corrupting your phones memory as well.

Instagram usually has access to the critical functions of the phone. It can access storage, microphone, camera, as well as location. So if a bug is carefully planted, the hacker may be able to remotely control your phone, without you even knowing about it.

Facebook Fixed It

The bug was reported to Facebook by Check Point. It was identified as a technicality called a heap-buffer overflow. This happens when Instagram tries to upload a large image, believing it to be a smaller size. In his report, Gal Elbaz told how the integration of a third-party code may lead to remote execution risks, like app crashing and spying.

In this case, an open-source image encoder, Mozjpeg had been identified as the weak point. The job of an image encoder here is to compress images while retaining their quality. Facebook had earlier fixed the problem and issued a security advisory about it. Check Point never discovered the limit to which the bug could be used to abuse user privacy because Facebook patched the issue.

Write Your Comments

Please write here your valuable comments or review:


mobile application of the


Looking for the Best Service Provider? Get the App!

  • Find nearby listings
  • Easy service enquiry
  • Listing reviews and ratings
  • Manage your listing, enquiry and reviews
We'll send you a link, open it on your phone to download the app
android app of the iOS app of the

copyrights © 2022   All rights reserved.