
A flaw in Pixel phones makes it possible to recover sensitive information from edited screenshots

By Kenny Yeo - on 26 Mar 2023, 11:41am

Note: This article was first published on 20 March 2023.

The Google Pixel 7 and Pixel 7 Pro.

A security flaw that allowed edited images on Pixel phones to become partially unedited has been revealed by the reverse engineers who discovered it, Simon Aarons and David Buchanan.

Though the flaw has since been patched, edited screenshots that have been shared before the update are still vulnerable.

Named "aCropalypse," the flaw makes it possible for someone to undo and partially recover PNG screenshots edited using Pixel's built-in Markup tool.

(Image source: Simon Aarons)

For example, if someone had used the tool to scribble over or crop out sensitive information such as addresses, credit card numbers, or bank balances, a bad actor could exploit this flaw to revert these changes and see the information that the sender thought he or she had already obfuscated.

Aarons and Buchanan explain:

When an image is cropped using Markup, it saves the edited version in the same file location as the original. However, it does not erase the original file before writing the new one. If the new file is smaller, the trailing portion of the original file is left behind, after the new file is supposed to have ended.

You can see how this flaw works by going to this demo page and uploading a screenshot that has been edited with the non-updated version of the Markup tool.

According to Buchanan, this flaw started about five years ago when Google introduced Markup with Android 9 Pie.

And while the flaw has been patched, there are years of vulnerable images still floating about in the wild.

The flaw has been patched by Google in a March security update for the Pixel 4A, 5A, 7, and 7 Pro with its severity classified as "high." However, Google hasn't said if this update will be arriving for other devices.

Pixel users are understandably worried and an FAQ page is said to be in the works. We'll update this article with the link once it goes live.

Source: Simon Aarons, David Buchanan via 9to5 Google, The Verge
