Connect with us

Tech

Critical vulnerability in Instagram found, fixed

Published

on

Instagram
Instagram

Researchers at cybersecurity firm Check Point on Thursday said that they had found a critical vulnerability in the Instagram app that would have given an attacker the ability to take over a victim’s account.

Discovered earlier this year, the vulnerability could have allowed hackers to turn the phones of the victims into a spying tool, simply by sending them a malicious image file.

When the image is saved and opened in the Instagram app, the exploit would give the hacker full access to the victim’s Instagram messages and images, allowing them to post or delete images at will, as well as giving access to the phone’s contacts, camera and location data.

After the findings were disclosed to Facebook and the Instagram teams, Facebook issued a patch to remediate the issue on the newer versions of the Instagram application on all platforms, Check Point said.

“We strongly encourage all Instagram users to ensure they are using the latest Instagram app version and to update if any new version is available,” Check Point said.

A part of the Facebook family of apps, Instagram is one of the most popular social media platforms globally, with over 100 million photos uploaded every day, and nearly one billion monthly active users.

The researchers decided to review the security of Instagram’s mobile app given its popularity and wide-ranging permissions that the app seeks from users.

The research revealed a critical vulnerability that might allow the attackers what is technically referred to as “remote code execution,” or RCE.

This vulnerability can allow an attacker to perform any action they wish in the Instagram app.

So how does such a popular application include vulnerabilities, when huge amounts of time and resources are invested in developing it?

The answer is that most modern app developers do not actually write the entire application on their own: if they did so it would take years to write an application.

Instead, they use third party libraries to handle common (and often complicated) tasks such as image processing, sound processing, network connectivity, and so on.

This frees the developers to handle only the coding tasks, which represent the apps core business logic.

However, this relies on those third party libraries being completely trustworthy and secure.

The Check Point researchers examined the third party libraries used by Instagram.

And the vulnerability they found was in the way that Instagram used Mozjpeg – an open source project used by Instagram as its JPEG format image decoder for images uploaded to the service.

In the attack scenario described in the study, an attacker can simply send an image to their target victim via email, WhatsApp or another media exchange platform.

The target user saves the image on their handset, and when they open the Instagram app, the exploitation takes place, allowing the attacker full access to any resource in the phone that is pre-allowed by Instagram.

These resources include contacts, device storage, location services and the device camera.

In effect, the attacker gets full control over the app and can create actions on behalf of the user, including reading all of their personal messages in their Instagram account and deleting or posting photos at will, Check Point said.

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

‘The Pathless’ and ‘Reigns: Beyond’ games soon on Apple Arcade

Published

on

By

Apple. (File Photo IANS)
Apple. (File Photo IANS)

San Francisco, Oct 15 (IANS) Apple has announced two new game titles Reigns: Beyond and The Pathless which are coming soon to its Cloud gaming service Apple Arcade.

“Coming Soon to Apple Arcade: The Pathless. As the Hunter, you must explore forests and tundras with your eagle companion to uncover puzzles and hunt down corrupt spirits,” the company said in a tweet on Wednesday.

‘The Pathless’ is set to launch on November 12. It’s an open world puzzle adventure game where players take on the role of an archer with an eagle companion and fight battles to eliminate a dark curse.

Meanwhile, ‘Reigns: Beyond’ is the fourth game in the Reigns series, which includes the original Reigns title, Reigns: Her Majesty, and Reigns: Game of Thrones.

“Take on intergalactic stardom while recruiting alien band members and navigating your way through a space tour,” the company said.

‘Reigns: Beyond’ will ask players to take on the role of an intergalactic indie rock band, using decision cards to chart a path to stardom.

‘Reigns: Beyond’ is set to launch on November 6, and it will be an Apple Arcade exclusive.

Earlier, Arcade added two new games — deep-sea adventure ‘Beyond Blue’ by E-Line Media and the emotional puzzle game ‘A Fold Apart’ by Lightning Rod Games — on the iPhone, iPad and Apple TV.

The subscription gaming service costs $99 a month and lets people play more than 120 games across the iPhone, iPad, Mac, iPod Touch and Apple TV.

Continue Reading

Tech

Samsung announces 40% festive discount on Galaxy S20+

Published

on

By

Samsung. (File Photo IANS)
Samsung. (File Photo IANS)

New Delhi, Oct 15 (IANS) Samsung has announced discounts and cashback offers on a wide range of products and consumers can get up to 40 per cent discount on select Galaxy smartphones such as its flagship Galaxy S20+.

Consumers shopping from Samsung.com will also get two-three day delivery of company products to their doorsteps across 16,000 pin codes in the country.

“This festive season, the Samsung.com online store is going to be the go-to destination for all Samsung products. Consumers can expect to find discounts as much as 60 per cent and cashback offers of up to 12.5 per cent on select products, but an exciting offer on every product for sure,” Asim Warsi, Senior Vice President, Samsung India said in a statement.

Samsung is also offering up to 60 per cent off on select accessories such as wireless chargers and JBL speakers.

Consumers can enjoy up to 45 per cent discount on a range of TV and Home Appliances such as The Frame television, Spacemax Family Hub French Door refrigerator and front-load Ecobubble with Hygiene Steam washing machine.

The discounts and offers are valid from October 15 to November 16, the company said.

Samsung on Thursday announced festive offers on its wide range of external and internal solid state devices (SSDs), including recently-launched T7 Touch, T7 external SSDs and 870 QVO internal SSD, and Micro-SD cards during the Flipkart and Amazon festive sales.

“Our aim is to deliver unparalleled experience and technology that meets our consumers’ expectations. We are confident that our festive offers will make our consumers’ life easier and add more joy to the festivities,” said Akash Saxenaa, Senior Director, Enterprise Sales, Samsung India.

Continue Reading

Tech

Trump slams Facebook, Twitter for restricting Joe Biden article

Published

on

By

U.S. President Donald Trump. (File Photo IANS)
U.S. President Donald Trump. (File Photo IANS)

Washington, Oct 15 (IANS) US President Donald Trump has slammed Facebook and Twitter for restricting the distribution of a New York Post article criticizing Democratic presidential nominee Joe Biden.

The New York Post published a series of stories on Wednesday citing emails, purportedly sent by Biden’s son.

The reports claimed it got those emails from Trump’s private lawyer, Rudy Giuliani, and former Trump adviser Steve Bannon, reports NPR.org.

Facebook limited the spread of the story which was liked, shared or commented on almost 600,000 times on Facebook, according to data from CrowdTangle.

In an unprecedented step, Twitter blocked users from posting pictures of the emails or links to two of the New York Post’s stories, citing its rules against sharing “content obtained through hacking that contains private information.”

Twitter said that the “images contained in the articles include personal and private information — like email addresses and phone numbers — which violate our rules”.

However, Twitter CEO Jack Dorsey acknowledged that the company’s communication about why it was blocking the articles “was not great”.

“Our communication around our actions on the @nypost article was not great. And blocking URL sharing via tweet or DM with zero context as to why we’re blocking: unacceptable”, he tweeted.

The action by Facebook and Twitter resulted in a political storm in the US.

Trump tweeted that it was “so terrible that Facebook and Twitter took down the story”.

Although Facebook did not remove it from its platform but limited its spread.

“REPEAL SECTION 230!!!” Trump said in a tweet.

Senator Josh Hawley of Missouri sent letters to Facebook and Twitter, pressing them on the decisions to reduce distribution and block the story.

Twitter and Facebook have been acting more aggressively to curb the spread of false claims and manipulation related to the election.

Continue Reading

Tech

Udacity, Microsoft launch ‘Nanodegree’ programme to skill students

Published

on

By

Microsoft. (File Photo IANS)
Microsoft. (File Photo IANS)

New Delhi, Oct 15 (IANS) The US-based learning platform Udacity on Thursday announced a partnership with Microsoft to launch Microsoft Azure ‘Nanodegree’ programme, which will strengthen the machine learning (ML) skills of the students.

The Nanodegree programme will strengthen the ML skills of the students, providing them hands-on experience in training, validating, and evaluating ML models with Microsoft Azure.

Microsoft Azure is a cloud platform that has more than 200 products and services, to build, run and manage applications with the tools and frameworks of your choice.

These services include databases, analytics, machine learning, IoT, blockchain and more. Over 85 per cent of Fortune 500 companies use Azure.

“We have developed this program in collaboration with Microsoft to offer a deep dive into the world of ML to learners,” Gabriel Dalporto, CEO of Udacity, said in a statement.

“We believe that our experiential learning approach backed with continuous mentorship and industry-relevant coursework will empower our students to have long and successful careers in Azure technologies,” Dalporto added.

The company said that Azure Machine Learning is an enterprise-grade machine learning service to build and deploy models.

Using Azure ML, data scientists and ML engineers can accelerate the end-to-end machine learning lifecycle of building, training and deploying ML models.

Additionally, students enrolled in Udacity’s Machine Learning Engineer for Microsoft Azure Nanodegree program are able to use hands-on Microsoft Azure Labs to complete their learning objectives.

“Through our collaboration with Udacity to offer introductory and advanced courses on Azure Machine Learning, we hope to expand data science expertise,” said Julia White, Corporate Vice President, Azure Marketing, Microsoft.

Continue Reading

Tech

Reliance Jio-led super app battle to intensify in India in 2021

Published

on

By

Jio
Jio

New Delhi, Oct 15 (IANS) Businesses will further accelerate the pace of their digital activities in 2021 by creating new-age apps and platforms and the world will see this battle ratcheting up in intensity in India led by Reliance Jio Platforms, a new report has said.

According to global market research firm Forrester, Covid-19 affected Asia Pacific first, and they expect the region will also emerge from the crisis first in 2021, before the US and Europe.

“APAC will see a platform surge. APAC is already home to some of the largest platforms in places like China and India. However, we will see this battle ratcheting up in intensity, especially in India,” said Ashutosh Sharma, VP, Research Director.

Reliance’s Jio Platforms has already blazed the trail with more than $20 billion investment in their digital business.

“They are simultaneously lining up more investments for their retail platform. Tata in India has thrown their hat in the ring with the announcement of their own super-app,” Sharma said in a statement on Wednesday.

With Paytm and Walmart’s Flipkart in the fray, India will see some serious competition among these platforms.

Targeting Google’s dominance in the app distribution space in India, leading digital payments platform Paytm last week set up a Rs 10 crore fund as equity investments for mini app developers in the country.

Paytm has also launched an Android Mini App Store to support local developers in the country.

On 5G, Forrester said the technology will finally make an impact and China will be its epicentre.

“In China, with heavy government support, rapid rollouts across the country, and evolution of supporting tech, 5G will find an ideal breeding ground for innovations across various verticals,” Sharma noted.

China’s experimentation and adoption of 5G-enabled business models and 5G-led innovation will offer valuable lessons to other countries and enterprises.

Values-focused firms will deliver higher profits than those focusing on profits alone.

“Brands can no longer work in shadows with a constant spotlight on each of their actions, statements, and associations across social media. They must show their explicit commitment to respect customers’ privacy, for example,” Sharma emphasized.

“They must tackle complex economic, environmental, and social challenges that impact all of us. They must do so with integrity, competence, and transparency to earn the trust and loyalty of these values-conscious consumers”.

The cybersecurity concerns will also dominate the agendas of businesses and governments alike.

“We will see increased adoption of Zero Trust and evolution of regulatory frameworks for data protection and privacy. Further, we expect firms to sharpen their focus on employee experience as they struggle to deal with people’s aspect of pandemic,” Sharma said.

Continue Reading

Tech

OPPO A15 with AI triple camera launched in India

Published

on

By

OPPO A15 with AI triple camera launched at Rs 10,990
OPPO A15 with AI triple camera launched at Rs 10,990

New Delhi, Oct 15 (IANS) Chinese smartphone maker OPPO on Thursday launched its new budget smartphone ‘OPPO 15’ with an AI triple camera system at the rear for Rs 10,990 in India.

OPPO A15 will be available in two colour variants — dynamic black and mystery blue.

“Riding high on the success of the recently introduced A53, OPPO aims to further strengthen its highly acclaimed A series with the launch of A15 that offers promising features in this segment,” the company said in a statement.

The smartphone features a 6.52-inch water-drop screen with a large 89 per cent screen-to-body ratio.

The device also features an HD+ screen that sports a resolution of 1600 x 720.

Further, the device comes with features that ensure the comfort of your eyes including Eye Comfort Filters, which can filter out harmful blue light and alleviate eye strain.

The device houses a 13MP Main Camera. It also boasts a 2MP Macro Lens for close-up shots as close as 4cm. To add more depth to portrait photos, it features a 2MP depth camera that adds a natural bokeh effect to the background.

There is also a 5MP front camera.

The device packs a MediaTek Helio P35 octa-core processor coupled with 3GB RAM and internal storage of 32GB that can be further extended to 256GB.

The device comes equipped with the latest ColorOS 7.2 that offers a suite of convenient features such as the Dark Mode that features an upgraded colour contrast for a more intuitive interface.

The phone is powered by a 4230mAh battery.

Continue Reading

Trending

Hey, wait!

Do you want to receive important news straight to your inbox every week?