Skip to Content
© Bongkarn Thanyakij | Dreamstime.com
Security & privacy

Simple Instagram hack could give a stranger total access to your phone

We already know that apps can spy on our activities through data collection. But it’s another issue entirely when hackers take over our apps to spy on us and steal our data.

Fortunately, software developers are getting wise to some of the tricks being used to spy on you. In iOS 14, for example, a new set of icons will now alert you when your camera or microphone is recording. Tap or click here to see how Instagram got caught spying on users through the camera.

But now, hackers are using Instagram as a spy tool to steal user data — and this method won’t trip your camera or microphone sensor. They’re sending malicious files through Instagram and other apps that hijack your phone as soon as you save them. If you get a message with an image inside, here’s why you need to keep it away from your photo album.

Avoid this message scam and protect your phone

Have you received a message on Instagram or WhatsApp with an image inside recently? If you have, don’t save it — your phone and data could be at risk!

A new security report from Check Point shows that hackers are exploiting a bug on Instagram through the use of malicious image files. Once saved to your camera roll, these pictures will spring to life the next time you open up Instagram and turn your phone into a spying tool.

How does this work? Well, it all has to do with a glitch in Instagram’s image processing system. This system decodes images so they’ll upload to Instagram more efficiently, but malicious images can give hackers full access to your account, messages and albums. This means they can post or send messages on your behalf — spreading the scam even further.

RELATED: Delete yourself from this intrusive site now

This is an especially dangerous bug since the exploit can spread through what appear to be ordinary images. And with how easily internet memes can spread through messages, that cat photo you received might be able to take over your phone.

In a worst-case scenario, hackers can also access phone contacts, camera and location data to spy on you. Instagram has denied that this is possible — claiming that Check Point is overstating the problem.

Who are we going to believe? Probably not the group owned by Facebook and with money to lose on this bug, that’s for sure.

How can I protect myself from this hack?

Let’s not beat around the bush: This bug is very, very bad. But thankfully, it won’t affect your phone if you don’t save images you receive in messages. Just viewing it on Instagram or WhatsApp isn’t enough to trigger the hack.

And despite downplaying the exploit, Instagram did release a patch for the bug that can be downloaded now. By updating the app, the issue is completely removed from your device — and the malicious images won’t have harmful effects.

Most of the time, your app will update automatically, but this isn’t always the case. Here’s how you can force an update:

On iOS, you can open App Store and tap on your account icon on the top right of your screen. Then, scroll down to your apps. If an update is available, Instagram will show up at the top. Tap Update to get the latest version.

On Android, you can open Google Play Store, tap My apps & games, and then tap Update.

It’s an easy fix for a major issue, so don’t miss out on this update. Otherwise, Facebook won’t be the only entity watching you through your phone. Tap or click here to see how to change your ad tracking settings for Facebook.

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment within the Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the Tech Forum.

Join Now