Why you should stop recording photos from IMessage, Imapp, and Android messages
Given that you are reading this story, chances are that You are a bit cybernetic. If I sent you an attachment in a text message-say, a word or a PDF document-you hope that you are programmed to ask a number of questions before opening or saving this attachment on your phone. Do I know the sender? Did I expect to see the dossier? But what if it's just a photo-something fun or engaging to save or share? You can see the image in the messaging app, you can see what you get, of course, no harm in saving it in your photo album?
If that were the case. The fact is that a malicious image has the same ability to damage your device and steal your data as a malicious attachment. The only difference is that this is a more complex attack, which makes it less common. Instagram instagram Instagram instagram confirmed that I have fixed an Instagram vulnerability discovered by point-of-verification scientists, which includes a created image that could potentially capture the entire account, possibly even vans of Instagram resolutions to capture a smartphone.
Fake instagram Instagram statement of the verification point that a malicious image that broke Instagram can be used to capture the smartphone itself, access the camera and microphone. Facebook told me that the worst case scenario would be accounting, which in itself looks bad enough. Instagram instagram instagram said that while the dot check claims that simply saving the phone image will trigger an attack, Facebook said that the user will need to upload the image to Instagram. Again, the fact that the image was created as an attack tool was accepted. That's all.
The POK attack of the verification point is that the image is transmitted to the victim via a popular platform-IMessage, Android messages or Chatsapp, and the content of the image tempts the victim to save the image on their device. This is easy to do-most of us do it all the time, even if you're just sharing an image on another platform instead of forwarding the message you receive.
Ekram Ahmed from the checkpoint told me that this should serve as a warning. "Think twice before saving photos on your device," he told me, " as they can be a Trojan so hackers can invade your phone. We demonstrated this using Instagram, but the vulnerability can probably also be found in other apps."This is almost certainly the case-the problem was deploying the open source image analysis capability hidden in the Instagram app." And this third-party software library is widely installed in countless other applications.
Sonatip, who specializes in helping developers safely use such open source software libraries, told me that such components are "90% of all modern applications, and not all components are created equal... Although the verification point responsibly identified the problem and Facebook released a patch, there may be thousands of other companies that use a vulnerable version of [this] component... Now the race has begun.”
If you've received a malicious image in any of your messaging or social media apps, viewing it in apps is almost certainly going to be great. The problem occurs when you save it to an album in your phone's internal memory or on an external disk. We saw it last year when Whatsapp and Telegram exposed the vulnerability of Android, when images were stored on an external drive. However, Earlier this year, the Google project Zero team warned that image processing by IOS messengers themselves could be beaten when processing an unusual type of file.
But problems with the main apps can be fixed—and if you stick with Hyper-scaled messaging and social media apps, they will remove all such image processing vulnerabilities once they are discovered. Simply put, These issues are related to apps, not images, you trust the app to safely handle any content it displays. As soon as you move the image outside of this sand box, so to speak, to your device, then the risk will change. However, apps will not make clean images sent through their threat removal apps if you save these images on your device. Social media apps delete metadata, such as the location where the photo was taken, and compress the size of the image. But they don't consider threats created in the image structure itself. SMS apps don't even compress or delete metadata by default.
The ease with which the vulnerability can spread was highlighted in may, when an image posted on social media overshadowed some Android devices if they were set as Wallpaper. The problem was how the image processed its colors and interacted with the corresponding Android device code. Again, there is no way that such issues are protected by messaging apps or social networks used to virus exchange such threats. There was no malicious intent in this particular image, but it tells you how powerful the created image can be. "These types of attacks are usually carried out by national state actors or their equivalents," said Yaniv Balmas, head of cyber research at checkpoint.
The cyber threats created are not the only risks posed by the countless images we now receive and then share. If we want to compromise ourselves or other people with content transmitted to or from our phones, it's likely to be images and videos that we capture and share. So, the final step to what is now in development, to allow users to have media attachments disappear after viewing, is very welcome. This can be done in media apps such as Snapchat and Instagram, ensuring that the same thing within the main messenger should become the norm.
So, what's the advice to stay safe? It's surprisingly simple. If you know the person and the camera-well. you can tell that they have captured the sent photos from their phone-then you can save whatever they send. You can do this by wirelessly sharing, such as Apple drop, or using IMessage or Android messages to get versions with full resolution and undamaged metadata. You can also use some "super-best" messengers, but they most likely compress the size of photos and remove location data from files.
If you don't know the sender so well, or if the image may have been sent from another location or uploaded from the Internet or social networks, then don't store it on your device. This may seem like a simple photo, but ultimately it's a data file that you can't guarantee. Similarly, if you receive images on social media or in your feed that are not photos taken by someone you know, leave them where they are.
For the same reason, you don't need to set permissions on any of your social networks or messaging apps to automatically save images and videos on your phone. As ESET cyber guru Jake Moore warns, " just sending a file that is automatically recorded sounds dangerous in every way, but is usually the norm for so many people. Storing images can be done retrospectively, which is much more important for security-then you can choose how and when you know that images are safe from known senders.”
And this is the key point here-secure senders. But you should also add secure content to it. The most powerful cyber weapon is what is hidden in front of everyone. This is why serious threat actors focus on core apps that they know will be found on virtually all target devices. This is why targeted phishing embedded in social engineering is so effective. And so an image that puts the victim to sleep, makes them think they can see the content and therefore can set aside concerns that there might be a threat - this is something you have to protect yourself from.