Slashdot Mirror


Android Phones Can Be Hacked Remotely By Viewing Malicious PNG Image (csoonline.com)

An innocent-looking image -- sent either via the internet or text -- could open your Android phone up to hacking. "While this certainly doesn't apply to all images, Google discovered that a maliciously crafted PNG image could be used to hijack a wide variety of Androids -- those running Android Nougat (7.0), Oreo (8.0), and even the latest Android OS Pie (9.0)," reports CSO Online. From the report: The latest bulletin lists 42 vulnerabilities in total -- 11 of which are rated as critical. The most severe critical flaw is in Framework; it "could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process." Although Google had no report of the security flaws being actively exploited, it remains to be seen if and how long it will take before attackers use the flaw for real-world attacks. Android owners were urged to patch as soon as security updates become available. But let's get real: Even if your Android still receives security updates, there's no telling how long it will be (weeks or months) before manufacturers and carriers get it together to push out the patches.

3 of 149 comments

  1. Re: So not Flash? by Anonymous Coward · Score: 3, Funny

    This is no big deal. Since there is no hope of getting any security updates for my Android devices from the fantastic hardware vendors and network providers, I'll just browse the web on my Android devices using lynx from now on. Thanks guys! Thanks a lot! Really appreciate y'all locking down these devices so hard to prevent malicious third-party open source developers from flashing custom boot ROMs over your fantastic OEM build.

  2. PNG needs JavaScript internally. by aberglas · Score: 3, Funny

    Obviously we need complex multimedia formats that are decoded by C code complete with buffer overflows all running in kernel mode.

    But what would be even better is if the PNG could contain JavaScript inside it. Why limit the output to just a few algorithms? With JavaScript running actually inside the PNG much greater compression could be achieved for many applications. More importantly, a whole new plethora of animation techniques could be developed.

    Indeed, if that JavaScript within the PNG was used to implement a Virtual Machine, a whole sub operating system could run inside that image. Just think of the possibilities!

    We need more, lots more. Of stuff.

  3. Sounds like a rapper's stage name by jfdavis668 · Score: 4, Funny

    Malicious PNG