A vulnerability that was first discovered in some Google Pixel models seems to have much more reach.
We are more than used to using the Snipping tool of Windows, but be careful, because it seems that there is a problem with it and you can be very upset if you are not careful. All the fuss started a few days ago with what It was called the “Acropalypse”which consisted of an error that some users of Google Pixel mobiles They were experiencing it by using the devices native clippings app. It turns out that when you did a crop and sent the new image, the file that was sent collected all the information of the original image in the metadata, which was easily accessible by the other person. Essentially, you were sending the original image, not the crop.
This generated quite a bit of media noise, as many images were shared with sensitive information as bank account numbers or passwords. Users cropped this data from the original image, but when they submitted the crop, that information was “discarded” was encapsulated inside. At the moment Google has not updated its mobiles to correct this serious privacy vulnerability, but it seems that the problem has more tentacles than we thought. Also it happens in windows 11.
Windows snippets come with invisible information
Will Dormann is an expert in vulnerabilities in computer systems, and recently shared on his Twitter account the problem that Windows 11 had with cutouts since its last update. Using the native clipping app, Dormann realized that the size of the cropped and original images was the same, which is obviously not normal. Turns out Windows 11 is too stores original image informationand accessing it is as simple as override certain parameters of the file and pass it through a data recovery tool.
To easily demonstrate an current image recovery:
1. Take a JPEG image
2. Make a copy of it
3. Crop it in Snipping Tool
4. Save/overwrite
4. In a hex editor, overwrite the EOI Marker (0xFFD9)
5. Repair it at https://t.co/6emtSsavPB
6. Wonder how secure your cropped image data is pic.twitter.com/S1IcDCsovF— Will Dormann (@wdormann) March 21, 2023
Microsoft has not yet ruled on the matter, but this ruling clearly creates a dangerous privacy gap for all its users. As a preventive measure, we recommend that do not use the Windows Snipping tool if you are going to share, crop or quickly edit images that contain any type of sensitive or personal information. there are very good programs to make cuts in Windowsso even though Clippings is now compromised, you shouldn’t have a problem. If you want an alternative until Microsoft fixes the problem, I recommend you try ShareXwhich is a free tool that I’ve been using for many years and couldn’t be easier to use.