Saturday, 23 February, 2019

Your Android Phone Can Be Hacked By Opening An Image

Hackers can hack an Android smartphone just by looking at a PNG image New Android Bug Can Let Hackers Attack Phone With PNG Image File
Cecil Davis | 10 February, 2019, 19:14

We review products independently, but we may earn affiliate commissions from buying links on this page.

Remote attackers are then able to execute arbitrary code in the context of a privileged process, according to Google.

The Android Security Bulletin for February lists 42 vulnerabilities in the Google mobile operating system, 11 of which are critical. To simply put it, opening the infected PNG file will activate the exploit and could open the floodgates for downloading malware on the device.

Craig Young, computer security researcher for Tripwire Inc.'s Vulnerability and Exposure Research Team, told SiliconANGLE that it appears that the vulnerability is directly related to how Android parses, that is interprets, an image before rendering it.

New Zealand vs India 2019, 3rd T20I: Preview and predicted playing XI
India's pace bowlers allowed just 53 runs from the last seven overs, during which time New Zealand found the boundary only once. India beat New Zealand by seven wickets in the second Twenty20 global to tie the three-match series at 1-1.

This isn't the first time when PNG files are flagged as unsafe because they can be rigged easily. Experts have demonstrated that you can encrypt Android malware inside images as a way to evade antivirus software. Google was also, of course, deliberately vague on the technical details of how to hack Android.

"Vulnerabilities like these bring to light the disparate update strategies across Android phones", explained Tripwire VP, Tim Erlin. But despite Google having identified and fixed the issue, there is little respite for the millions of Android smartphone users out there. Why?

Unfortunately, it is unknown when third-party handset manufacturers will roll out the security updates on their phones, as many of them take weeks, if not months, to do roll them out. Furthermore, there are no current reports of the PNG issue being exploited in the wild (which isn't surprising considering victims likely won't even realize they've been targeted), but the risk remains as long as your Android device doesn't get the latest security updates. So it will not be easy for anybody to find the hacking method. Also, no cases have been reported yet of anyone exploiting the vulnerability.