08 Dec, 2023 | Friday
Trending : LaptopsAppsAutomobileTop DealsOPPO India

Google Pixel bug can lead hackers to reverse edited parts of a screenshot

Google has fixed a bug in its Markup tool that can allow hackers to reverse edit parts of a screenshot and gain access to your personal data.

Edited By: Shweta Ganjoo

Published: Mar 20, 2023, 01:44 PM IST

Google Pixel 7
Google Pixel 7

Story Highlights

  • Google recently released the March security update on its Pixel phones.
  • This update fixes a bug in Google’s Markup tool.
  • This bug has existed on Pixel smartphones for five years.

Google recently released March 2023 security update for its Pixel smartphones. The update fixes a number of key bugs in the Pixel smartphones including the ones with its Samsung Exynos modem, Bluetooth, WiFi, GPS and camera. This update also fixes a high-severity vulnerability in Google’s Markup tool that could have been used by malicious hackers to retrieve at least part of the information in the edited screenshots.

The vulnerability dubbed as “aCropalypse,” was identified by developers Simon Aarons and David Buchanan and reported to Google in January this year before being patched in March this year. According to the developers, the vulnerability in Google’s built-in Markup tool enables a “partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.”

For understanding, if you cropped an image using your Pixel phone’s Markup tool in a way that it removed the part that has your personal information such as your address and your phone number, hackers could recreate most of the image to get access to most of this data.

What’s more worrisome is that this bug has existed for about five years before being patched, which means that it existed right around the time when the tool was rolled out on Android 9 Pie back in 2018.

How does this vulnerability work?

How this vulnerability functions is really simple. When you edit an image using Google Pixel’s Markup tool, it saves the screenshot and the edited image in the same folder without overwriting or replacing the old image with the new image. “so basically the pixel 7 pro, when you crop and save a screenshot, overwrites the image with the new version, but leaves the rest of the original file in its place,” the developers wrote in a technical blog.

Now, most social media platforms, such as Twitter, re-process the uploaded images, which removes this trailing data mitigating the issue in the process, 9To5 Google noted. However, a lot of other platforms, Discord for instance, does not do the same, which leaves screenshots shared on the platform in the past from Pixel phones vulnerable to hackers. It is worth noting that Discord fixed this bug in its update that was released on January 17.

This means that even if you updated your Pixel phone with the latest security update, there is no way of telling if the screenshots that you shared in the past are safe.

Get latest Tech and Auto news from Techlusive on our WhatsApp Channel, Facebook, X (Twitter), Instagram and YouTube.

Author Name | Shweta Ganjoo


Select Language