Every Android Phone is hackable with an image

Alfred Osborne
February 10, 2019

We review products independently, but we may earn affiliate commissions from buying links on this page.

Opening a single image in PNG format may be enough for your Android phone to be compromised by hackers, and that's regardless of how tech-savvy you might be.

Craig Young, computer security researcher for Tripwire Inc.'s Vulnerability and Exposure Research Team, told SiliconANGLE that it appears that the vulnerability is directly related to how Android parses, that is interprets, an image before rendering it. Well, the good part of Android security bulletin is that Google has not received any reports of anyone exploiting the vulnerability as of now and has patched the issues with an upgrade to Android in the form of a security patch.

"The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process", it warned.

Classic Baldur's Gate video games are coming to Xbox One OnMSFT.com
Skybound Games has announced enhanced editions of classic Dungeons & Dragons RPGS from Beamdog will be released on consoles. What's more, Skybound Games says that we'll be hearing much more about the enhancements in the coming months.

Ceferin re-elected UEFA President
Ceferin, 51, was confirmed in office on Thursday by all 55 UEFA member associations' delegates at the 43rd UEFA Ordinary Congress in Rome.

Xbox Game Pass getting fresh new games this month
The catalog features over a hundred games that aren't just Xbox One titles, but also select Xbox 360 and original Xbox titles too. Time to step up your boom and stop crime as a super-powered Agent in Crackdown 3's open-world sandbox of mayhem and destruction.

This isn't the first time when PNG files are flagged as risky because they can be rigged easily.

It serves as the graphics engine for Google Chrome and Chrome OS, Android, Mozilla Firefox and Firefox OS, although it's not now known if other platforms may be exposed to the vulnerability as well. However, given the ease in which the bug can be exploited, users should accept incoming updates to their Android builds as soon as possible. The update brings fixes to a number of known vulnerabilities in Android operating system including some that have been categorized as critical.

However, several third-party smartphone makers take weeks or months to roll out security patches to their phones.

In effect, this means that Android users, those who are not using Google-branded devices, may have to wait months to receive a security update and that's presuming they receive one at all. So it will not be easy for anybody to find the hacking method.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER