Pixel Phones Have A Severe Security Flaw With Its Markup Tool

Mar, 2023 - By SMI

Hackers can unredact and uncrop modified screenshots thanks to a security hole in the Pixel's Markup tool.

With the March security patch, Google rectified the problem, but earlier screenshots are still in danger. Google rectified the problem with a security update in March 2023, but screenshots shared with Pixel before that time are at risk. A serious weakness in the Markup tool on Pixel phones may allow hackers to erase redactions and cropped screenshots. Security researcher Simon Aarons named the problem "Acropalypse" and assigned it a CVE Number.

Imagine sending someone a screenshot of your bank statement through email and having them redact private information like your account number or balance using Pixel's Markup tool. They may take advantage of this weakness to decipher the private information you redacted if you supplied them the original snapshot file.

Since most messaging and social media apps compress and reprocess shared photos, the attack is not conceivable. For instance, Acropalypse is not present on Twitter. But until January, Harmony hadn't begun erasing key details from screenshots. Preceding to that, the hack could affect any labelled Pixel screenshots published on the platform.

Google released the Mark up tool for Pixel phones running Android 9 in 2018. With this tool, one may highlight, draw, add text, and crop screenshots. Yet, the weakness might make it possible for unscrupulous people to reverse this modification and obtain the snapshot as-is.

Google released a security update for the Pixel phones in March 2023 that addressed the problem, but screenshots that were released earlier can still be used to exploit flaws and the secret data can still be partially recovered. Aarons' technical analysis of the problem can be used to determine whether one's updated screenshots can be made redaction-free.