Software company Check Point found a vulnerability in the Instagram app back in February, citing that with one single image on the platform can give an attacker access to use a victim’s phone as a spying tool. Yahoo Finance’s Melody Hahm shares the details on The First Trade, in addition to Facebook’s response.
BRIAN SOZZI: Software company Check Point says it found a vulnerability in the Instagram app back in February. In the finding, it says through one single image on the platform, an attacker can turn a victim’s phone into a spying tool. The company says it waited until today to publish the report in order to ensure enough people updated the app.
Yahoo Finance’s Melody Hahm is here with the details. So Melody, I understand you reached out to Facebook. What’d they tell you?
MELODY HAHM: Yeah, I spoke with both Check Point and Facebook ahead of actually publishing this report. And Facebook initially, according to Check Point, said that they were very grateful for flagging this sort of vulnerability, which is basically what Check Point’s bread and butter is. In addition to selling software cybersecurity services, they have a research arm that tries to do some white hat hacking, as we call it, right, to make sure that a lot of these tech companies are held accountable for potential flaws in the system.
Facebook, when I reached out to them, actually had a very different tune when they were flagged about this report. They said to me that “Check Point’s report overstates a bug, which we fixed quickly and have no reason to believe impacted anyone. Through their own investigation, Check Point was unable to successfully exploit this bug.”
I want to take a more macro picture view, right. As you mentioned, this happened in February, so for many users this actually was not a problem at all. But it just shows that as much as we may resist that update button when it comes to the applications we use frequently, that’s actually the best order of action, right. It’s a very practical way that those security fixes can be seamlessly integrated in your using of the app.
Unfortunately, if you don’t update the app, which I know a lot of folks prefer not to do because they don’t want to give additional information, they don’t want to be privy to more security concerns, it’s very ironically actually than unprotected. I think this is also top-of-mind right now, because there is a lawsuit that was filed in San Francisco against Facebook, specifically because there are reports that Facebook was spying on users through the Instagram app through the camera.
Facebook, in turn, has replied, saying that that is merely an error. That was a bug in the system. But again, when does a bug become malicious? When does it become complete oversight from the engineering side of things? I think it is valuable to keep companies like Facebook in check with these sorts of measures that are put in place.
ALEXIS CHRISTOFOROUS: Melody, how long has Check Point been looking into this?
MELODY HAHM: Yeah, so Check Point is actually a pretty robust organization, Alexis. One of their most notable findings was back in January of this year when it came to TikTok. They revealed multiple vulnerabilities that users could have access– or could be exposed of their contacts, of their photos, of all their personal information in a way that, according to TikTok, they were not aware that that was a bug in the system.
When it comes to Facebook and Instagram, they’re constantly on the lookout, right. This is sort of what these so-called good hackers are trying to do, saying, hey, heads up. I’m flagging this to you. Make sure you fix this before this actually happens in a real way.
So you can say it’s a proactive measure. You can say, perhaps, it’s making something out of nothing. I prefer to err on the side of caution, right, especially given your big tech conversation. As we anticipate more and more scrutiny to face these companies, you better be doing everything in your power, right, to protect user identities and data. So in the case of Facebook and Instagram, it’s an ongoing process for a firm like Check Point to continue monitoring potential– potential vulnerabilities there.
BRIAN SOZZI: All right, Yahoo Finance’s Melody Hahm. Great to see you.