How to recover hidden information in screenshots edited on Google Pixel<\/h2>\n
\nIt all started when security researchers Simon Aarons<\/a> and David Buchanan<\/a> discovered a vulnerability they named Acropalypse<\/a>: it turns out that Markup, the Google Pixel built-in image editor, saves edited PNG files in a way that lets them be fully or partially recovered.<\/p>\n When processing PNG images, instead of saving a completely new PNG file, Markup overwrites the old one in a very peculiar way. If you crop a picture, its size in bytes compared to the original decreases, of course. The same thing happens if you paint over part of an image with a single color\u00a0\u2014 thanks to the compression algorithms that are very good at packing solid-colored areas. But the file saved after editing in Markup has the same size as the original: the app simply overwrites the new data on top of the old, leaving a \u201ctail\u201d of the initial image data in the file. And with the help of a tool created by the researchers (available online<\/a>), it\u2019s possible to partially restore the original.<\/p>\n Here\u2019s how the researchers themselves illustrate what\u2019s going on:<\/p>\n Recovery of an image edited with Google Pixel Markup. Source<\/a><\/p><\/div>\n Note, though, that the screenshot used as the example here is both redacted AND cropped<\/em>. Thus, importantly, the resulting image is significantly smaller than the original. After the edited version is saved on top of the original, there\u2019s a lot of non-overwritten data at the end of the file that can be recovered. And the fully unrestored or badly-restored area\u00a0\u2014 the top third of the resulting picture\u00a0\u2014 just so happens to contain nothing important.<\/p>\n So the researchers\u2019 demonstration should be taken as an ideal case: in real life, the success of the tool will almost certainly be lower, and the result will largely depend on the circumstances. But that doesn\u2019t mean the problem can be ignored\u00a0\u2014 this vulnerability is nothing if not very unpleasant.<\/p>\n It affects the following Google smartphones (highlighted are models that are no longer supported and will probably not get updates):\n<\/p>\n \nIn addition to its colloquial name, Acropalypse, the vulnerability was designated CVE-2023-21036. It has already been patched in the March Android update for the Pixel smartphones<\/a>. Alas, the update is powerless to fix old edited screenshots that have already been published or otherwise shared.\n<\/p>\n \nAfter Aarons and Buchanan posted their findings on Twitter, other researchers took up the cause. Logically assuming that other image-editing tools might use the same flawed mechanism for overwriting PNG files, they began to look for new vulnerable applications. And they found them, of course: a similar bug was detected<\/a> in Snipping Tool, a screenshot utility in Windows\u00a011.<\/p>\n Windows\u00a011 Snipping Tool has exactly the same problem: the app overwrites edited PNG files on top of the original, and when the new file is smaller, some data from the original remains at the end of the file, from which the uncut image can be partially reconstructed.<\/p>\n See this article on BleepingComputer<\/a> for more details:<\/p>\n Recovery of an image edited with Windows 11 Snipping Tool. Source<\/a><\/p><\/div>\n Although in this case a smaller part of the original image was restored, the result is still impressive. Note that the problem seems to be confined only to Snipping Tool and only to the Windows 11 version. So users of earlier versions of Windows, or those who prefer to edit screenshots in Paint or a full-fledged graphics editor like Photoshop, aren\u2019t affected.<\/p>\n The vulnerability in Windows\u00a011 Snipping Tool remains unclosed. But, again, even when an update arrives, it won\u2019t fix the problem with screenshots that are already out there.\n<\/p>\n \nIf you use Windows\u00a011 Snipping Tool, or have a Google Pixel smartphone (gen 3\u20137), and you\u2019ve posted cropped or edited screenshots with passwords somewhere, consider those passwords compromised: change them immediately. Sure, you might struggle to remember every such instance, and in any case there\u2019s nothing much you can do about it: there do exist Python scripts and YARA rules<\/a> for finding and treating such PNG images, but these are only for techies.<\/p>\n On a final note, here are some tips on how to safely retouch images with sensitive data that you plan to post online or send to someone you don\u2019t know if you can fully trust:\n<\/p>\n![\"Illustration](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2023\/03\/27200817\/windows-11-google-pixel-image-editing-bug-01.png\"){kind=tracking}
<\/a>\n
How to recover hidden information in screenshots edited in Windows 11<\/h2>\n
![\"Acropalypse](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2023\/03\/27200854\/windows-11-google-pixel-image-editing-bug-02.jpg\"){kind=tracking}
<\/a>What to do?<\/h2>\n