Windows 11 Snipping Tool vulnerability can reveal sensitive information in screenshots

We recently heard about a vulnerability in Google’s screenshot tool for Pixel phones, referred to as acropalypse, that can lead to sensitive information being revealed through screenshots, without the user even realizing it. As it turns out, Google is not the only one suffering from this problem, as the Snipping Tool app in Windows 11 has the same problem.


If you’re not familiar with acropalypse, it’s a security vulnerability that allows almost anyone to undo edits you’ve made to a screenshot, exposing information that was cropped out or blurred. When you edit a screenshot, you can save it under the same name as the original file and overwrite it. However, the Windows 11 Snipping Tool doesn’t remove the original image data from the file when it does so: the old bytes are left appended after the end of the new image, where users don’t normally see them. With a few tricks, a potential attacker can retrieve that hidden data from the file and see what was edited out.

After the original discovery regarding Pixel phones was shared, Twitter user Chris Blume reported that the same thing happens on Windows 11. Since then, David Buchanan (who wrote the original blog post explaining the vulnerability on Pixel phones) has confirmed that the Windows 11 Snipping Tool behaves almost the same way, although the app uses a different color model. You can verify this by looking at the file size: modified screenshots are likely to be much larger, because they still contain data from the original image.
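File size is only a rough signal, because a crop that removes little can still produce a file close to the original size. A more precise check is to walk the PNG chunk list and see whether anything sits after the IEND chunk, which is where a non-truncating overwrite leaves the stale bytes the article describes. The script below is an added example, not code from the article, from Microsoft or from the researchers it cites. It builds two small constructed PNGs, simulates an overwrite that does not truncate the file, measures the trailing data, and produces a stripped copy that is safe to share; `check_file` is a hypothetical helper name for running the same check on a file on disk.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte length, type, payload, CRC over type+payload."""
    return (struct.pack(">I", len(payload)) + ctype + payload
            + struct.pack(">I", zlib.crc32(ctype + payload)))


def make_png(width: int, height: int, pixel_fn) -> bytes:
    """Build a minimal 8-bit RGB PNG. Constructed test data, not a real screenshot."""
    rows = b""
    for y in range(height):
        rows += b"\x00"  # filter type 0 (None) for this scanline
        for x in range(width):
            rows += bytes(pixel_fn(x, y))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit, colour type 2 (RGB)
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk.
    Any bytes at or beyond this offset are not part of the image a viewer shows."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if struct.unpack(">I", crc)[0] != zlib.crc32(ctype + body):
            raise ValueError("CRC mismatch in %r chunk" % ctype)
        pos += 12 + length
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def trailing_bytes(data: bytes) -> int:
    """Number of bytes after IEND; 0 means nothing stale is hiding in the file."""
    return len(data) - png_end_offset(data)


def strip_trailing(data: bytes) -> bytes:
    """Return a copy that ends exactly at IEND, i.e. with the stale tail removed."""
    return data[:png_end_offset(data)]


def check_file(path: str) -> int:
    """Hypothetical helper: report trailing bytes for a PNG on disk."""
    with open(path, "rb") as f:
        return trailing_bytes(f.read())


# Constructed scenario: a 16x16 "original" and a 1x1 "cropped" version of it.
ORIGINAL = make_png(16, 16, lambda x, y: ((x * 37) % 256, (y * 91) % 256, (x ^ y) & 0xFF))
CROPPED = make_png(1, 1, lambda x, y: (200, 30, 30))
assert len(CROPPED) < len(ORIGINAL)

# Simulated non-truncating overwrite: the new image replaces the head of the file,
# but the tail of the original file survives after the new IEND chunk.
LEAKY = CROPPED + ORIGINAL[len(CROPPED):]

if __name__ == "__main__":
    print("trailing bytes in cropped-only file:", trailing_bytes(CROPPED))
    print("trailing bytes in leaky file:", trailing_bytes(LEAKY))
    print("stripped copy matches clean crop:", strip_trailing(LEAKY) == CROPPED)
```

Running the script shows that the clean crop has no trailing data, the leaky file carries exactly the difference in size between the two images after its IEND chunk, and the stripped copy is byte-for-byte the clean crop. Stripping after IEND only removes data from a file you already have; it cannot recall copies that were shared before the check was run.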

Screenshot of Windows 11 with some information recovered due to a Snipping Tool vulnerability
Image credit: David Buchanan (Twitter)

This is a very serious vulnerability, since it is common for users to crop out or obliterate sensitive information in images they want to share. For example, if you share a screenshot of an order confirmation page on Amazon, it might include your address, and even if you crop that out, this flaw can make it possible for someone to recover it anyway. The same logic applies to things like credit card numbers and other sensitive data.

Now that the vulnerability has been made public, we hope a fix will be released soon. However, screenshots that have already been edited and shared will still be affected, so you may want to go back and look at anything that might reveal personal details, as attackers will no doubt be looking for potential victims.


Source: Chris Blume (Twitter) and David Buchanan (Twitter)


