Google Pixel Flaw Allows Recovery of Redacted, Cropped Images
Any images edited with the Markup tool and shared online in the past five years are vulnerable to the Acropalypse attack.
- An 'Acropalypse' flaw in Google Pixel's Markup tool made it possible to partially recover edited or redacted screenshots and images, including those that have been cropped or had their contents masked, for the past five years.
- The Markup tool is a built-in image editor that allows you to redact, crop, and change images on an Google Pixel device.
- The issue impacts all Pixel models running Android 9 Pie and later, which is when the Markup tool was introduced, and until the February 2023 security update.
- The problem is believed to stem from how the image file was opened for editing, causing truncated data to be left behind in a saved image and allowing roughly 80% of the original version to be recoverable.
- The researchers reported the flaw to Google in January 2023, and the company fixed it via an update released on March 13, 2023, tracking it as CVE-2023-21036.
- The researchers also published an Acropalypse screenshot recovery utility online to allow Pixel owners to test their own redacted images and see if they are recoverable.
- Despite Google fixing the problem in the recent update for the Pixel phones, any images shared in the past five years are vulnerable to the Acropalypse attack, and nothing can be done to remediate this.