Google Pixel’s Vulnerability Exposes Sensitive Information to Evil Doers by Uncovering Markup Screenshot Edits and Redactions”

Google’s Pix­el phones are usu­al­ly laud­ed for their secu­ri­ty fea­tures, but a new­ly dis­cov­ered vul­ner­a­bil­i­ty has put users’ pri­va­cy at risk. Accord­ing to reports, a flaw in Pix­el’s Markup screen­shot tool could allow bad actors to undo edits and redac­tions made to images.

The flaw, dubbed “aCropa­lypse,” was dis­cov­ered by reverse engi­neers Simon Aarons and David Buchanan and has been around for at least five years, coin­cid­ing with the release of Markup along­side Android 9 Pie in 2018.

If exploit­ed, the vul­ner­a­bil­i­ty could reveal sen­si­tive infor­ma­tion that was pre­vi­ous­ly redact­ed by a user. For exam­ple, if a Pix­el own­er used Markup to redact an image that includ­ed sen­si­tive infor­ma­tion about them­selves, some­one could exploit the flaw to reveal that information.

While the March secu­ri­ty patch will pre­vent Markup from com­pro­mis­ing future images, some screen­shots Pix­el users may have shared in the past are still at risk.

The vul­ner­a­bil­i­ty is par­tic­u­lar­ly con­cern­ing because it has been around for so long, and Google has yet to release a patch for all Pix­el devices.

Cur­rent­ly, the March secu­ri­ty update is only avail­able on the Pix­el 4a, 5a, 7, and 7 Pro, mean­ing that Markup can still pro­duce vul­ner­a­ble images on some Pix­el devices. It’s unclear when Google will push the patch to oth­er Pix­el devices.

Users on some plat­forms, such as Twit­ter, are pro­tect­ed from the vul­ner­a­bil­i­ty. How­ev­er, oth­ers like Dis­cord, which did not patch out the exploit until its recent Jan­u­ary 17th update, are still at risk.

It’s unclear if images shared on oth­er social media and chat apps were left sim­i­lar­ly vulnerable.

Google has not yet com­ment­ed on the issue, but secu­ri­ty experts are advis­ing Pix­el users to avoid using Markup to share sen­si­tive images until the patch is released for all devices.

With the increas­ing amount of per­son­al infor­ma­tion stored on mobile devices, vul­ner­a­bil­i­ties like this one serve as a stark reminder of the impor­tance of strong secu­ri­ty measures.

Be the first to comment

Leave a Reply

Your email address will not be published.