Any phone running on the latest Android operating system can get hacked by just opening an image!
Recently three very critical vulnerabilities have been discovered in Google’s Android Operating System. These flaws could allow arbitrary code execution on your android phone by just opening an image. Furthermore which can allow a hacker to completely own your smartphone.
Android security bulletin stated :
The most severe of these issues is a critical security vulnerability in Framework. This vulnerability could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.
This vulnerability is similar to last year’s Stagefright bug that allowed hackers to hijack Android devices with just a simple text message, without the owners being aware of it. The stagefright bug affected more than 950 Million Android smartphones.
These vulnerabilities are currently affecting millions of devices running recent versions of Google’s mobile operating system Android 7.0 Nougat to Android 9.0 Pie.
These three critical vulnerabilities are :
AOSP rolled out February Android Security Updates to patch these three vulnerabilities.As not every smartphone manufacturer rolls out security updates every month, this still leaves thousands of Android smartphones vulnerable to these flaws.
According to google one of this vulnerability can allow an attacker to create a maliciously crafted Portable Network Graphics (.PNG) image file, which can execute arbitrary code on the Vulnerable Android Smartphones. Allowing a hacker to steal any data present on the device and even crashing your Android operating system.
An attacker can simply exploit these vulnerabilities by tricking the victim into opening a malicious PNG image file created by the attacker.
However, Not even a person with technical knowledge can spot the malicious image file with the naked eye. These maliciously crafted images are generally sent through email and messaging services. The hackers can easily encrypt the malicious code of malicious PNG image file, which can result in evasion of antivirus solutions. You would have no way of knowing that you have been targeted.
Although, no case of exploitation of these vulnerabilities has yet been reported and all the Android partners are notified of the vulnerabilities a month before publication.
How to be safe?
- Remain cautious while downloading images from untrusted sources as they may be malicious.
- Do not open images received from spam emails or messages.
- Update your android as soon as possible.
- Always keep a good Antivirus application installed on your smartphone.