Wednesday, 21 August 2019
Latest news
Main » Android vulnerability lets hackers wreak havoc using, er, a PNG file

Android vulnerability lets hackers wreak havoc using, er, a PNG file

10 February 2019

We review products independently, but we may earn affiliate commissions from buying links on this page.

A vulnerability in Google LLC's Andriod operating system can allow hackers to hijack a device by simply displaying an infected PNG image file.

Google recently began the rollout of the February 2019 Android security update that addresses a total of 42 issues and fixes vulnerabilities of varying severity levels.

More news: Baldur's Gate Games, Neverwinter, Planescape: Torment Coming to Console in 2019

And a similarly severe flaw at the system level could also allow a remote attacker to execute arbitrary code at a privileged level if they were to craft a malicious transmission delivered over Bluetooth.

Craig Young, computer security researcher for Tripwire Inc.'s Vulnerability and Exposure Research Team, told SiliconANGLE that it appears that the vulnerability is directly related to how Android parses, that is interprets, an image before rendering it.

Once upon a time only Intelligence agencies had the control over Android devices remotely accessed from anywhere in the world but now anyone can take full root access just by sending you an image file on your smartphone. It isn't hard to imagine why; by exploiting the flaw, a hacker could send harmless-looking PNG files to victims over email, a messaging app, or social media that in reality trigger an Android device to download additional malware.

More news: NAB head quits after scathing criticism from banking inquiry

"Vulnerabilities like these bring to light the disparate update strategies across Android phones", explained Tripwire VP, Tim Erlin.

In effect, this means that Android users, those who are not using Google-branded devices, may have to wait months to receive a security update and that's presuming they receive one at all. The good news is that Google has patched the problems with an update to Android.

It's also worth noting that Google didn't report such an exploit being used in the real world, which probably suggests that hacking has moved a bit beyond inserting code into PNG files.

More news: French 'Yellow Vest' Marches Continue for 13th Weekend

Android vulnerability lets hackers wreak havoc using, er, a PNG file