Hadley Simmons/Android Authority
TL; DR
- The vulnerability in Pixel’s Markup utility allows hackers to unmodify and uncrop screenshots.
- Google fixed the issue with the March 2023 security update, but Pixel screenshots shared before that remain vulnerable.
A serious flaw found in the Markup tool on Pixel phones could allow hackers to un-edit and un-crop screenshots. identified by the security researcher Simon Aaronsthe flaw is called “Acropalypse” and has been assigned a CVE (Common Vulnerabilities and Exposures) identifier.
Let’s say you share a screenshot of your bank statement with someone and use Pixel’s Markup tool to hide sensitive information like your bank account number or balance, the vulnerability would allow anyone to revoke this confidential information, provided you send them an original screenshot file.
Most of the messaging and social media apps compress and reprocess the shared images and in this case, hacking is not possible. For example, Twitter is free from Acropalypse. However, Discord only started stripping screenshots of these details in January. Any premium Pixel screenshots that were shared on the platform prior to being hacked.
Google released the Markup tool on Android 9 Pixel phones in 2018. It allows you to crop, add text, draw, and highlight screenshots. However, the vulnerability could help bad actors remove this modification and gain access to the screenshot in its original state.
While Google fixed the issue with the March 2023 security update, screenshots you shared before updating your Pixels can still be exploited with the latest software, and your hidden information can be partially recovered. Aaron created Technical presentation From the glitch, with which you can see if modified screenshots can be unmodified.