According come the latest findings that the Google protection team, the town hall an innocent-looking image on your Android might result in a hacked phone.
You are watching: Sa_groups_img_family_grid.png
In its recent Android security Bulletin, Google has comprehensive several crucial flaws in that mobile operating system, including three vulnerabilities that have to do through the means Android handles PNG (Portable Network Graphic) files.
According to Google, “The many severe that these concerns is a critical security vulnerability in framework that could allow a remote attacker utilizing a specially make PNG file to execute arbitrary password within the context of a privileged process.”
What this basically method is that a malicious actor can send friend a PNG file that contains secret commands. When you see the PNG picture in her phone, the regulates will it is in executed. “Privileged process” means that the malicious code will have access to every the functionalities of your phone. Theoretically, a well-designed attack using the flaw might take over your phone and also perform harmful work such as installing malware and stealing information.
The vulnerability affects Android OS execution 7.0 (Nougat) to 9.0 (Pie). This flaw is particularly dangerous because there’s less sensitivity end media files. Security professionals will give you many of warnings about not downloading and installing applications native unknown and untrusted sources, however media papers such together images, audio, and video clip files space generally considered harmless.
The good and poor news
We’re still wait for Google come release an ext details around the vulnerabilities. But according come the defense bulletin, there’s no proof of active customer exploitation or abuse the the report issues.
Google has likewise patched the flaws in an upgrade for its very own devices. That’s good news for users who very own Google-manufactured Pixel phones. The bad news is for users who have bought devices from various other vendors, which usually take a little longer to roll out patches.
Renowned brand such together Samsung and LG generally release update a couple of days ~ Google. However lesser known vendors deserve to take mainly of months.
Not the an initial time media files have to be weaponized
While the latest Android cons is pretty scary, it’s no the first time the cell phone OS has actually churned the end a security flaw the takes benefit of media files.
In 2014, researchers at Fortinet uncovered they could encrypt malware within PNG files and also hide them indigenous Google Play’s malware scanner. In a proof-of-concept demonstration, the researchers hid your malware in a an easy image-viewing application. As soon as the user opened the malware-infected image, the applications retrieved and also decrypted the malware from inside the image and also installed it on the device.
In 2015, defense researchers at Zimperium discovered a vulnerability in Android versions 2.2 and higher, codenamed Stagefright, that enabled hackers to perform remote password execution by sending video clip files to your victims. Many messaging apps automatically process the video upon receiving it, therefore the strike could be initiated without the target doing anything. At the time, the was estimated that an ext than 900 million tools were impacted by the vulnerability.
The best means to protect yourself versus Android’s recent PNG defense flaw is to install updates as shortly as her carrier and device manufacturer do them available.
See more: I Am Not A Crook Compared To Trump I Am Not A Crook Compared To Trump T
Google also recommends that users restrict their smartphones to only install applications native Google play and enable Google play Protect, the function that enables the Android security team come monitor your phone for malicious apps and also activity. Installation applications indigenous third-party markets always trails threats.
While girlfriend wait for your protection patches, think twice before you insanity that following cat photo.