Home Uncategorized Google Pixel’s New Vulnerability Patch Doesnโ€™t Solve Privacy Woes

Google Pixel’s New Vulnerability Patch Doesnโ€™t Solve Privacy Woes

20
0

Google Pixel's New Vulnerability patch Doesn't Solve Privacy Problems

A vulnerability in Markup, which allows users to edit Google Pixels screenshots, has allowed hackers to access the images partially unedit.

Google has not yet been able retrieve the screenshots, so a large number of users are still at-risk.

Let’s say, for example, that a user decides to crop details about their mobile network. Hackers could easily undo the cropping and obtain the original text file. This could reveal a lot about the user’s personal information.

Although the vulnerability has been fixed, exploited screenshots are still being shared online.

How did it get there?

Simon Aaarons and David Buchanan, reverse engineers, first discovered the vulnerability. Simon Aaarons shared more information about the vulnerability via a thread on Twitter. The vulnerability, which has been called “acropalypse”, is considered one of the most serious privacy threats for the year.

Buchanan also thanked David Buchanan, for his support in resolving the issue.

Aaarons posted a screenshot on Discord of a credit card with its number blacked out to show the danger. However, once he downloaded it and exploited the URL, the credit card number was immediately visible.

9to5Google also found more information about the issue. It revealed that hackers could exploit this vulnerability because Google Pixel saves the original, unedit image file in the exact same location as the edited version. The original version is not deleted.

The new version is often smaller than the original, so hackers can easily recognize the original file and be in and out in a matter of minutes with the date they are looking for.

A five-year-old bug

This is not a new bug. David Buchanan claims the bug was first discovered five years ago, when the Markup tool was introduced by Google with the Android 9 Pie update.

All screenshots taken over the past five years using this tool could be at risk or have been exploited to steal private data.

The location where the screenshot was posted will also affect the extent of damage. If you have posted a edited screenshot on Twitter, you don’t need to worry because Twitter has a built in function that prevents users from undoing any edits.

However, if your screenshot has been shared on Discord, which offers no such benefits, it could still be at risk of being exploited. Discord released a patch on January 17 to protect the edited screenshots against hackers after the vulnerability was discovered. However, the vulnerability remains in place for screenshots that were posted before.

Continue reading

Previous articleJimmy Fallon jokes that Biden’s Easter Bunny will be ‘different than the Bunnies the President Hung Out With’
Next articleIs it safe to open up Amazon’s sidewalk to third-party developers?