Acropalypse: A security flaw on Pixel and Windows smartphones?
Web agency » Digital news » Acropalypse: A security flaw on Pixel and Windows smartphones?

Acropalypse: A security flaw on Pixel and Windows smartphones?

What is the Acropalypse?

Acropalypse, also known as aCropalypse, is a term for a strange security flaw affecting Google's Pixel smartphones and Windows 10 and 11 operating systems. It was recently discovered by cybersecurity researchers and could potentially allow hackers to easily recover confidential user data, such as bank details, and carry out various types of malicious actions.

Origin and operation of the flaw

The vulnerability was initially detected in January 2023 by Simon Aarons and David Buchanan, two security experts. They discovered that with Acropalypse, deleted information in screenshots taken on Pixel smartphones could be found. More precisely, it would be possible to cancel a posteriori the retouching carried out on these images and thus reveal modified portions to hide private information, such as names, telephone numbers, email addresses or bank details.

Curiously, the same problem was reported on March 21, 2023 by Christian Blume for Windows 10 and 11. In this case, the flaw concerns screenshots taken with the Snipping Tool, which comes standard with the operating systems mentioned. Microsoft then quickly updated the tool and released a security patch to fix the problem.

Severity and exploitation of the flaw

Although this flaw has caused concern, it appears to be of low severity according to Microsoft. Indeed, it only concerns screenshots taken and retouched with the tools integrated into the systems concerned. In addition, in the case of Windows, only images saved in the same location as the original and with the same name can be used, provided they are publicly accessible. Furthermore, it seems that only PNG format files are really exploitable, although the researchers claim that JPEG files could also be affected.

Is the risk real?

In reality, the risk of falling victim to this security breach seems quite low. Indeed, many conditions would have to be met for a hacker to be able to steal confidential information. In addition, social networks generally perform image processing, such as compression or format change, making it difficult to exploit the flaw.
In sum, even if the Acropalypse flaw exists, it should not pose a significant threat to most users, provided they remain attentive and update their software in due time.

★ ★ ★ ★ ★