This Google Pixel flaw could let hackers undo all your photo cropping
It’s fixed, but it’s not
A vulnerability has been discovered affecting Google Pixel users that could have exposed users’ most sensitive information and may continue to do so in certain cases.
Though Google issued a fix for CVE-2023-21036 in its March update, the high-risk vulnerability has been allowing hackers to undo many edits made to images on Pixel devices.
It specifically relates to the Markup feature, which allows users to edit photos, for example to eliminate sensitive information such as bank card details, either by cropping certain aspects or by applying visual layers over elements.
Pixel Markup vulnerability
According to reverse engineers Simon Aarons and David Buchanan, who discovered the issue, a malicious actor could in some cases reverse the edits made to a seemingly secure image and expose sensitive information. The vulnerability is being dubbed ‘acropalypse.’
While many of us prefer sharing images via channels that preserve some or all of their metadata, such as Discord, this has proven less secure, exposing the vulnerability. It’s worth mentioning that Discord fixed the issue in mid-January 2023. By contrast, platforms like Twitter process images in a different way, in turn leaving edits irreversible.
The flaw stems from Android 9 Pie, which coincides with the Pixel 3 family, meaning that the 4, 5, 6, and latest 7 model families are also said to have been affected.
Given the age of some devices, only the Pixel 4a and newer currently receive security updates, leaving some earlier models, including the 4 and everything before it, without official support and thus still vulnerable.
Furthermore, edited screenshots sent before updates were rolled out remain vulnerable and, as such, should be removed where possible.
A Google spokesperson told TechRadar Pro: “We have been in regular and constant contact with the security researchers on this issue,” explaining that all supported devices received the March update with the exception of the Pixel 6, which was delayed until March 21.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!