According to TechRadar, a vulnerability called “aCropalypse” has targeted Pixel devices. Hopefully, Google patched the exploit with the recent March feature drop, but users that haven’t received the path might be at risk.
Security researchers Simon Aarons and David Buchanan found the exploit in Pixel devices after cropping PNG files with the default markup editing tool. The vulnerability was first spotted a few years ago and was caused by an API change on Android 10.
The researchers reportedly found the issue on January 2 and informed Google on the same day. However, Google internally patched the flaw on January 24, but end users got the fix in March, nearly two months after the flaw was discovered.
The “aCropalypse” exploit mostly targets Pixel phones, but its traces are found in other Android phones and custom ROMs. The messaging service Discord is also said to have been targeted by this exploit. Discord’s previous image processing method never stripped metadata or compressed images.
“aCropalypse” exploit targets Pixel phones through a markup editing tool
While it might seem odd that a phone gets infected by a markup editing tool malfunction, some unlucky Pixel users dealt with the case. The way “aCropalypse” works is simple but very tricky. After shortening or cropping an image file, the markup tool still holds some information about the edited image and preserves the cropped pieces.
“So basically the Pixel 7 Pro, when you crop and save a screenshot, overwrites the image with the new version, but leaves the rest of the original file in its place.” Researchers Simon Aarons said.
According to Buchanan’s explanations, a PNG file holds its data in blocks. After a file is edited, one of those blocks still preserves the data about the edited part. “theoretically, an image could be made up almost entirely of back-references to missing data, but in practice, most images aren’t like this.” Buchanan added. Also, the exploit doesn’t seem to affect JPEG files due to the different methods of handling data.
Aarons and Buchanan created a tool that helps you to find exploits in your screenshots and find out if any of your screenshots are infected. The service currently supports almost all Pixel phones, from Pixel 3 to 7 Pro.
According to TechRadar, a vulnerability called “aCropalypse” has targeted Pixel devices. Hopefully, Google patched the exploit with the recent March feature drop, but users that haven’t received the path might be at risk.
Security researchers Simon Aarons and David Buchanan found the exploit in Pixel devices after cropping PNG files with the default markup editing tool. The vulnerability was first spotted a few years ago and was caused by an API change on Android 10.
The researchers reportedly found the issue on January 2 and informed Google on the same day. However, Google internally patched the flaw on January 24, but end users got the fix in March, nearly two months after the flaw was discovered.
The “aCropalypse” exploit mostly targets Pixel phones, but its traces are found in other Android phones and custom ROMs. The messaging service Discord is also said to have been targeted by this exploit. Discord’s previous image processing method never stripped metadata or compressed images.
“aCropalypse” exploit targets Pixel phones through a markup editing tool
While it might seem odd that a phone gets infected by a markup editing tool malfunction, some unlucky Pixel users dealt with the case. The way “aCropalypse” works is simple but very tricky. After shortening or cropping an image file, the markup tool still holds some information about the edited image and preserves the cropped pieces.
“So basically the Pixel 7 Pro, when you crop and save a screenshot, overwrites the image with the new version, but leaves the rest of the original file in its place.” Researchers Simon Aarons said.
According to Buchanan’s explanations, a PNG file holds its data in blocks. After a file is edited, one of those blocks still preserves the data about the edited part. “theoretically, an image could be made up almost entirely of back-references to missing data, but in practice, most images aren’t like this.” Buchanan added. Also, the exploit doesn’t seem to affect JPEG files due to the different methods of handling data.
Aarons and Buchanan created a tool that helps you to find exploits in your screenshots and find out if any of your screenshots are infected. The service currently supports almost all Pixel phones, from Pixel 3 to 7 Pro.