Mar, 2023 - By SMI
Hackers can unredact and uncrop modified screenshots thanks to a security hole in the Pixel's Markup tool.
With the March security patch, Google rectified the problem, but earlier screenshots are still in danger. Google rectified the problem with a security update in March 2023, but screenshots shared with Pixel before that time are at risk. A serious weakness in the Markup tool on Pixel phones may allow hackers to erase redactions and cropped screenshots. Security researcher Simon Aarons named the problem "Acropalypse" and assigned it a CVE Number.
Imagine sending someone a screenshot of your bank statement through email and having them redact private information like your account number or balance using Pixel's Markup tool. They may take advantage of this weakness to decipher the private information you redacted if you supplied them the original snapshot file.
Since most messaging and social media apps compress and reprocess shared photos, the attack is not conceivable. For instance, Acropalypse is not present on Twitter. But until January, Harmony hadn't begun erasing key details from screenshots. Preceding to that, the hack could affect any labelled Pixel screenshots published on the platform.
Google released the Mark up tool for Pixel phones running Android 9 in 2018. With this tool, one may highlight, draw, add text, and crop screenshots. Yet, the weakness might make it possible for unscrupulous people to reverse this modification and obtain the snapshot as-is.
Google released a security update for the Pixel phones in March 2023 that addressed the problem, but screenshots that were released earlier can still be used to exploit flaws and the secret data can still be partially recovered. Aarons' technical analysis of the problem can be used to determine whether one's updated screenshots can be made redaction-free.
533 Airport Boulevard, Suite 400, Burlingame, CA 94010, United States
403, 4th Floor, Bremen Business Center
Aundh, Pune, Maharashtra 411007
In search of customized market research solution? We are here to help you. Contact us.