Your Android Phone Could Get Hacked Just By Opening A PNG Image

Share

What's the harm in opening a digital image? It reveals a new method which can allow hackers to attack Android smartphone by using malicious PNG files. The update brings fixes to a number of known vulnerabilities in Android operating system including some that have been categorized as critical.

The Android security bulletin classified the threat as severe, "based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed".

A major flaw in Android's framework allows an attacker to execute computer code remotely by using a maliciously crafted PNG image file to smuggle the code. As pointed out by ZDNet there is no way of knowing if your device has been hacked. Well, the February 2019 Android security update has only been released for the Pixel smartphones, the Pixel C tablet, and the Essential Phone. Furthermore, there are no current reports of the PNG issue being exploited in the wild (which isn't surprising considering victims likely won't even realize they've been targeted), but the risk remains as long as your Android device doesn't get the latest security updates.

More news: Problems With Wells Fargo Services Continue for Second Day
More news: Renault to alert prosecutors over ex-CEO Ghosns wedding costs
More news: Body found in Connecticut ID'ed as Westchester woman

The critical vulnerability has been spotted in three forms (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) and affects Android smartphones running Android 7.0 or a higher build going all the way up to Android Pie.

The problem was disclosed this week in Google's Android security bulletin. Until that happens, we advise you to refrain from opening PNG files received from unknown people and download the security update as soon as it becomes available.

While Google has deliberately kept the details vague at this point, but it did confirm that a security patch has been rolled out to address this issue. It is not clear when other Android smartphone makers will release the update to their own devices.

Share