Simon Aarons @ItsSimonTime, Twitter Profile

Simon Aarons @ItsSimonTime

3 years ago

Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout!

135 3K 9K 2.1M 2K

Download Image

Chris Blume @ProgramMax

3 years ago

@ItsSimonTime @David3141593 I've got a fun one for you all to look at. I opened a 198 byte PNG with Microsoft's Snipping Tool, chose "Save As" to overwrite a different PNG file (no editing), and saves a 4,762 byte file with all that extra after the PNG IEND chunk. Sounds similar :D

13 88 956 1.6M 135

Chris Blume @ProgramMax

3 years ago

@ItsSimonTime @David3141593 Snipping Tool 11.2302.4.0 Saving as a new file results in a 254 byte file with no junk past the end. So it *definitely* sounds like a failure to truncate the file.

3 7 248 107K 4

guillermo bal atro @glopforshort

3 years ago

@ProgramMax @ItsSimonTime @David3141593 print screen button + paste into mspaint, resize, save stays undefeated

4 0 54 19K 2

ℏ∈×₷𝔼𝘤ȿ @hexsecs

3 years ago

@ProgramMax @ItsSimonTime @David3141593 Yeah, totally just rewriting the first section and slapping an IEND tag. The reset of the data remains intact.

1 4 16 4K 3

Download Image

Brah 🇺🇸 @Cavit81

3 years ago

@ProgramMax @ItsSimonTime @David3141593 I heard that some image types keep a thumbnail of the full image, which can be viewed, even when the shared image was cropped.

1 0 7 24K 2

David @dcaruana81

3 years ago

@ProgramMax @ItsSimonTime @David3141593 Was this reported before it was made public knowledge?

1 0 6 11K 0

Officer Terry McTibbs @Gabapentigram

3 years ago

@ProgramMax @ItsSimonTime @David3141593 Every time there's an "oops" like this I wonder how "oops" it really was. Like how Google StreetView cars "oops"identally stored payload from WiFi back in 2010... Which is to say nothing about what they collect from everyone with "consent"... theguardian.com/technology/201…

1 1 1 406 0

Tim Rowe @tjsr

3 years ago

@ProgramMax @ItsSimonTime @David3141593 Are you saying that you were able to read, from the new 198B file with its new file name being the same as an old file, the contents of the overwritten file? If so, this seems like a far more serious filesystem issue than jut a snipping tool issue.

1 0 1 2K 0

SK @SKCro_

3 years ago

@ProgramMax @ItsSimonTime @David3141593 I'm curious, does this bug affect Lightshot (a third-party screenshot tool)? Been using that instead of Snipping Tool :P

0 0 1 776 0

Bartosz Debowski @BarDebowski

2 years ago

@ProgramMax @ItsSimonTime @David3141593 I use IrfanView to crop screenshots.

0 0 0 232 0

Peter Vanderwaart @PVanderwaart

3 years ago

@ProgramMax @ItsSimonTime @David3141593 What is the block size on the disk drive?

1 0 0 2K 0