A MASSIVE security flaw in the Google Pixel’s photo editing software has left millions of users vulnerable to a so-called “acropalypse.”
The bug in the phone’s screenshot editing software allowed images to become partially “unedited” after being uploaded to Discord.
Specifically, if the image had been edited with the Markup tools – for cropping or blacking out names, addresses, and other personal information – potential hackers and bad actors could partially recover the image, obtaining that information.
Reverse engineers Simon Aarons and David Buchanan first discovered the bug in January and promptly reported it to Google.
It was later fixed in a March security update for the Pixel 4A, 5A, 7, and 7 Pro, according to 9to5Google.
Despite the quick fix, millions of Android users have been left vulnerable for years.
“The bug existed for about 5 years before being patched, which is mind-blowing given how easy it is to spot when you look closely at an output file,” Buchanan said via Twitter.
The engineer also noted that while Google was able to “patch” the bug, users’ photos may still be at risk.
“You can patch it, but you can’t easily un-share all the vulnerable images you may have sent,” he said.
Discord fixed the bug on its end on January 17, so photos shared to the messaging platform before then may still be vulnerable, according to a FAQ page developed by Aarons and Buchanan obtained by 9to5Google.
Users interested in learning how the bug works can try a demo page the engineers have developed.
Aarons and Buchanan have dubbed this security risk the “acropalypse,” a reference to the photo editing function.
Over the weekend, Aarons shared an example of a vulnerable image.
In one panel, the engineer shared a Discord message sent between two users with an attached cropped photo of a credit card. The photo was also edited to have a black pen covering the card’s number.
The second panel showed the same image downloaded from the messaging platform.
The third panel featured a “recovered image.”
“The top 20% of the image is corrupted, but the remainder of the image – including a photo of the credit card with its number visible – is fully recovered,” Aarons said.
In a separate blog post, Buchanan claimed that the bug was due to a “horrible bit of API design.”
In the forthcoming FAQ page, the engineers further explain that the Markup software on the Pixel phone saved the edited version of an image in the same location as the original.
“However, it does not erase the original file before writing the new one. If the new file is smaller, the trailing portion of the original file is left behind, after the new file is supposed to have ended.”
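The leftover tail the FAQ describes can be checked for on your own files, since a well-formed image file ends at a known marker. The following is an added example, not code from Aarons, Buchanan or Google. It assumes the affected files are PNGs (the article does not name the format), and the sample images and function names are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, data):
    """One PNG chunk: 4-byte length, type, data, CRC32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width, height):
    """Constructed sample input: a flat 8-bit grayscale PNG, stored uncompressed."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = (b"\x00" + b"\x80" * width) * height  # filter byte 0 + pixels per row
    idat = zlib.compress(rows, 0)  # level 0, so file size grows with image size
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def png_end_offset(blob):
    """Walk the chunk list and return the offset just past the first IEND chunk."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):  # 12 = length + type + CRC of an empty chunk
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 12 + length
        if pos > len(blob):
            raise ValueError("chunk runs past end of file")
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")

def trailing_bytes(blob):
    """Bytes left after the image's declared end; non-zero means leftover data."""
    return len(blob) - png_end_offset(blob)

def strip_trailing(blob):
    """Return the file cut at IEND, discarding anything that follows."""
    return blob[:png_end_offset(blob)]

def overwrite_without_truncate(original, edited):
    """Model of the flaw as quoted: new file written over the old, tail left behind."""
    return edited + original[len(edited):]

if __name__ == "__main__":
    original, edited = make_png(64, 64), make_png(16, 16)
    on_disk = overwrite_without_truncate(original, edited)
    print("clean file trailing bytes:", trailing_bytes(edited))
    print("overwritten file trailing bytes:", trailing_bytes(on_disk))
    print("after strip:", trailing_bytes(strip_trailing(on_disk)))
```

A non-zero result from `trailing_bytes` on a saved screenshot is the sign to re-save or strip the file before sharing it.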