Android Phones Can Get Hacked Just by Looking at a PNG Image

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Using an Android device?

Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps.

Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google's mobile operating system, ranging from Android 7.0 Nougat to its current Android 9.0 Pie.

The vulnerabilities, identified as CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988, have been patched in Android Open Source Project (AOSP) by Google as part of its February Android Security Updates.

However, since not every handset manufacturer rolls out security patches every month, it's difficult to determine if your Android device will get these security patches anytime sooner.

Although Google engineers have not yet revealed any technical details explaining the vulnerabilities, the updates mention fixing "heap buffer overflow flaw," "errors in SkPngCodec," and bugs in some components that render PNG images.

According to the advisory, one of the three vulnerabilities, which Google considered to be the most severe one, could allow a maliciously crafted Portable Network Graphics (.PNG) image file to execute arbitrary code on the vulnerable Android devices.
... ...
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
I strongly disagree. This News information is highly needed as in this specific case it can hopefully make users of lesser known Android models aware that the reported vulnerabilities perhaps is not yet patched by there vendors. Therefore make those users actually check with there vendors. That's what I call informative and helpful.

Also don't forget all new news posts are approved by the staff, before allowed in public.
 

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
This is good to know, in light of the fact that I haven't received an Android update since I bought my phone. I imagine that is fairly typical.

I only use trusted apps from the Play store, and delete those that I rarely use or never update. But the idea that viewing an image received with a messaging app can compromise the device!

And that just reinforces my earlier decision to only use the Android for non-critical tasks, like messaging and finding directions. Ot maybe Ubering once in a while. But never for online banking!
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I strongly disagree. This News information is highly needed as in this specific case it can hopefully make users of lesser known Android models aware that the reported vulnerabilities perhaps is not yet patched by there vendors. Therefore make those users actually check with there vendors. That's what I call informative and helpful.

Also don't forget all new news posts are approved by the staff, before allowed in public.
I'm glad you disagree as we can debate on why, which also focuses on the subject point still. What I mean't by scaremongering was the tile itself, some users (especially very non-savvy users) can be paranoid (if not already) about the massive place of the WWW, reading this in an article would send some into a frenzy. I also respect your opinion too. Thank you commenting back in a civil manner my friend.

I think the article should of stated that no one was actually infected with this vuln, this is something I had to do manually check out myself. Normally articles like this are dubiously written up in an attempt to gain more clicks, where I do agree with your opinion it's good to know about these, but not in the way users would see the semantics within the language used.

Indeed, all posts are checked by mods/admins before posting.

~LDogg
 
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top