Daily Authority: 🔐 Pixel’s ‘Acropalypse’ security flaw

😎 Good morning! It’s the start of a new week, and a fresh new Daily Authority, rounding up the day’s tech headlines. Paula here, covering for Andy, and I’ll be with you tomorrow too, before I finish my replay of Heavy Rain. It looks good on the PS5 and holds up pretty well for a 13-year-old game! Let’s kick off today’s newsletter with a couple of security-related stories…

Severe security flaw found in the Markup tool on Pixel phones

Security researcher Simon Aarons discovered a security flaw in the markup tool on Pixels.

  • The flaw, dubbed “Acropalypse,” lets hackers un-redact and uncrop edited screenshots.
  • This is dangerous because it could allow anyone to un-redact sensitive information you’ve hidden using the markup tool — e.g. if you sent a bank statement screenshot but hid your account number.
  • The markup tool, released in 2018 with Android 9, lets you “markup” screenshots by cropping, highlighting, drawing, or adding text.

What’s the good news?

  • Firstly, if you shared screenshots on social media or most messaging apps, you’re safe. Most of these apps compress and re-process any shared images, so the hack isn’t possible.
  • However, any screenshots shared on Discord prior to January could be affected, as the social media app only began stripping screenshots of these details in that month.
  • Google’s March 2023 security update fixes the issue, but any screenshots you shared prior to updating your Pixel could still be at risk.
  • You can use Aarons’ technical demo to find out if your edited screenshots can be unredacted.

Exynos chip vulnerabilities update: Is your device affected?

Last week, we warned about active vulnerabilities in Samsung’s Exynos modems that could give hackers access to your device.

  • Google’s Project Zero security research team posted a blog post highlighting these vulnerabilities. Four of the 18 identified were severe and could allow hackers to access your phone with just your phone number.
  • Samsung Semiconductor’s updated advisories removed the Exynos W920 (which we included in our original list of affected devices) as an affected chipset, and replaced the Galaxy A21 with the A21S.
  • Affected devices included the Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series, the Pixel 6 and Pixel 7 series, Vivo S16, S15, S6, X70, X60 and X30 series, and any vehicles using the Exynos Auto T5123 chipset.
  • Google patched the issues in its March security update for Pixel 7 series devices.
  • The Pixel 6, Pixel 6 Pro, and Pixel 6a are still to receive the update though, putting them at risk.
  • We’re still waiting on Samsung and other vendors to resolve these issues.
  • Meanwhile, if you’re the owner of one of these devices, Google recommends turning off Wi-Fi calling and Voice-over-LTE (VoLTE) on your phone.
  • You should also keep an eye out for any upcoming security updates and grab them as soon as possible.

Monday Meme

Never really thought about it, but it’s true…

Gamer meme exploding barrels red

Have a great Monday!

Paula Beaton, Copy Editor.
