#acropalypse
Text
if you're a pixel phone user, your cropped/redacted screenshots might not be redacted
a bug called "acropalypse" has been discovered that can recover the original contents
Source: https://twitter.com/ItsSimonTime/status/1636857478263750656
More info:
This affects the built-in Markup app for all models from Pixel 3 through Pixel 7.
Images uploaded to Discord before January 2023 have not been sanitized against this.
Here's a blog post by one of the authors: https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
What you should do:
Update your phone ASAP. Update instructions here. Follow the section for security updates and ensure your Android security update is from March 2023.
Check your social media for vulnerable images you may have uploaded. You can use the demo app to test your images: https://acropalypse.app/
#my:poast#security#infosec#acropalypse#google pixel#hopefully this one is easier to read?? idk#stay safe y'all this one is a fucking doozy and a half
1K notes
Text
There is a bug in the Markup screenshot editor tool on Pixel phones. The bug was introduced with Android 10 and allows recovery of portions of images that were cropped out in Markup. For example, if you took a screenshot of a webpage and cropped out a section that showed your real name, exploiting this bug could allow recovery of the cropped section.
I say "could" because it does depend on how someone got the screenshot file from you. Some sites/apps - Twitter is given as an example - recompress uploaded files and this results in the data being deleted from the file that is necessary for recovering the cropped sections. Sites/apps that share the original file - Discord is the example here - can contain the necessary information to exploit the bug.
The bug was patched in the March 2023 security update for Pixel devices, so please update your phone as soon as possible.
IMPORTANT: Patching your device addresses screenshots going forward. It does not fix all the screenshots you may have uploaded to various sites/apps over the time since Android 10 came out.
9 notes
Link
Microsoft Has A Solution For The “aCropalypse” Vulnerability– How To Fix It.
0 notes
Text
acropalypse
acropalypse allows previously redacted details to be reclaimed, if the screenshots were taken and changes were made, using the markup editing tool found on Google Pixel devices.
0 notes
Text
I beat Atomicrops (aka Acropalypse)! It was hella fun! It's a roguelike farming sim! You can get gay married, the combat and farming is great, finding upgrades and shopping almost always gives you options (player agency!), and the music/graphics are goofy. I love my bug husband
3 notes
Text
Accidentally overriding reality: untrustworthy and accidentally faked photos
I've been thinking and writing a lot about instant photography as paranormal evidence over the last week or so, and over this period of time, I've come across a number of articles talking about how digital photography, in particular smartphone photography, is beginning to feel less and less reliable. In particular, two news stories have broken that talk about how in some circumstances, you can't trust the pictures that you take on your phone.
The first story is about Samsung's photo "enhancements" (much more on that down below). The second is about how people thought that they were cropping out or redacting sensitive information on screen grabs on their Google Pixel phones because it looked like the images were cropped or redacted. But years later, it's been revealed that the "redacted" data was still available in the file, and it can be retrieved, meaning that credit card numbers, names, addresses, and other sensitive information has been compromised. (By the way, a second "acropalypse" bug has now been found on Windows devices, as well—another strike against feeling like you can trust the images that you see on your devices. Images aren't quite what they seem.)
Before I get into the Samsung controversy, I want to elaborate a bit more on some reasons why instant photography feels so trustworthy, particularly in contrast to the mysterious ways in which our phones can twist reality in the photographs that we take.
Instant photos feel real
Like I mentioned when I wrote about instant photos as paranormal evidence, Polaroid photos are extremely physical. They take a moment and immediately allow you to have a keepsake of it, a physical reminder of where you just were, who you're with, or what just occurred. I love bringing my Polaroid or Fujifilm camera on trips, because it's nice to have that physical souvenir of a place, rather than just a bunch of smartphone photos.
So when trying to create a record of something as insubstantial as a ghost, of course it makes sense to want to do that through a physical means. Because, again, instant photographs allow you to take a particular moment in time—something that can only be experienced by being there physically—and turn it into an artifact immediately.
I think there's something in the desire to try to capture a non-corporeal entity like a ghost in an incredibly physical and immediate form of media. It almost feels like a way to "prove" the existence of ghosts.
In addition to being harder to fake than digital photography, a Polaroid of a ghost or paranormal phenomena translates an insubstantial thing into a very real feeling photograph. It literally takes the image of the ghost from the theoretical, invisible, untouchable realm of the unknown and turns it into a physical photograph that you can hold. The desire to want to catalog your paranormal experiences using Polaroids makes complete sense. If you see a potentially paranormal anomaly in your instant photo, it feels like the phenomena is more real because it was captured in the picture.
Fakery in smartphone photography
On the other end of the spectrum, there's computational photography, which can modify the images we photograph with smartphone cameras in various ways. An article in The Verge sums up the recent Samsung controversy well:
This week, Samsung drew criticism for the technology its newer phones use to “enhance” photos of the Moon. A user on Reddit, ibreakphotos, conducted an experiment by creating a blurred photo of the Moon and then taking a picture of it using their Galaxy S23 Ultra. Even though the photo was completely blurry, their Samsung device appeared to add details to the image that weren’t there before, like craters and other marks, calling into question whether the highly detailed Moon photos people have been taking with their Galaxy devices really are photos of the Moon.
The Verge article is a fascinating read; not only does it document the Samsung moon-augmentation scandal, but it also talks about how many, many images of the moon that we see have been modified. Part of that is because it's so easy to do these days:
And while faking the night sky once involved “sandwiching negatives, doing things in the darkroom,” as Nordgren says, it’s become far easier and more prevalent in the age of Photoshop. “One of the biggest things people do is sky replacements,” Lynsey Schroeder, a professional astrophotographer tells The Verge. “They’ll take the Milky Way from a different photo and Photoshop it in so that it looks like it was there.” An expert would immediately know that it’s fake. “But to the general public, they don’t know.”
As someone who's reworked plenty of photos in Photoshop, I can say that this sort of photo manipulation is trivially easy. Like I've mentioned before, as popular apps like Facetune allow people to modify photos on their mobile devices, people have learned to trust digital photography less and less.
But Samsung's wholesale replacement of the moon in photos—using a "deep-learning-based AI detail enhancement engine"—strikes me as a step beyond that. (Samsung has apparently been using AI in their cameras since the Galaxy S10, and their "Scene Optimizer" technology since the Galaxy S21 series. Though I can tell you that pictures of the moon on my Galaxy S22+ still look like garbage. So they've clearly made some major changes for their latest devices. Either that, or I guess I gotta try using my phone's 100x zoom, which I had no idea existed.)
It's one thing for someone to decide to modify their own photographs; it's another for apps themselves to rework images in the process of capturing them.
In the case of someone photographing the moon and getting a completely different image, there was never a "real," unedited version of the image. You can't revert between the edited and original versions; the edit is the only one that exists.
Samsung isn't the only company that has introduced "computational photography" into its cameras. Apple's live photos and portrait mode could be considered computational photography, but as AppleInsider points out, "users are beginning to ask where to draw the line between these algorithms and something more intrusive, like post-capture pixel alteration."
There are so many questions that this raises, but the question of memory resonates the most to me. Many people (myself included) use smartphone photos as an aide-mémoire. I'll often take pictures not because something is beautiful or because I'm expressing myself artistically, but because I want to remember something. I'm not going to post that image to Instagram, but I will scroll back in my phone, see the timestamped, unaesthetic mirror selfie in a venue bathroom, and think "oh, right, that's the day that I went to that concert."
For me, the visual information that I collect in the form of photos is more for constructing and preserving my memories than anything else. So my question is: If our everyday smartphone photos help us remember reality and our pasts, what happens when, unbeknownst to us, our cameras are modifying the images? In that case, it becomes a form of memory modification. At that point, you aren't the arbiter of your memories; the images on your phone can override your recollections. As AppleInsider eloquently puts it, "the final image doesn't represent what the sensor detected and the algorithm processed. It represents an idealized version of what might be possible but isn't because the camera sensor and lens are too small."
There's something truly chilling about that.
The AppleInsider article goes on:
By changing how the moon appears using advanced algorithms without alerting the user, that image is forever altered to fit what Samsung thinks is ideal. Sure, if users know to turn the feature off, they could, but they likely won't.
So here we are, in a place where large tech corporations have the power to override reality—and perhaps even our very memories. No wonder instant photography, despite its limitations, can feel like a more reliable way to access paranormal realities.
If smartphone cameras are increasingly depicting "idealized" images of the world, smoothing out anomalies and removing variations from what a computer might consider "normal," what does that mean for paranormal photography? Is it possible that phone cameras might capture paranormal phenomena, but the AI in the phone's camera wipes that out, replacing it with "expected" reality? Or could strangeness seep in anyway, through synchronicity and glitches?
#cryptidcore#cryptidacademia#ghost hunting#ghosts#paranormalinvestigator#paranormal podcast#nostalgia#90s nostalgia#80s nostalgia#instant photography#instantfilm
5 notes
Text
Windows 11 also vulnerable to “aCropalypse” image data leakage
http://i.securitythinkingcap.com/SlJvKW
3 notes
Text
Windows 11 also vulnerable to “aCropalypse” image data leakage
Source: https://nakedsecurity.sophos.com/2023/03/22/windows-11-also-vulnerable-to-acropalypse-image-data-leakage/v
5 notes
Text
How Cloudflare Images addressed the aCropalypse vulnerability
https://blog.cloudflare.com/how-cloudflare-images-addressed-the-acropalypse-vulnerability/
0 notes
Text
[Media] aCropalypse gif
aCropalypse gif aCropalypse CVE-2023-21036 related GIF PoC. The aCropalypse reported affects PNG, but a similar exploit exists in GIF images. https://github.com/heriet/acropalypse-gif #infosec #cve #poc
0 notes
Text
Microsoft fixes a flaw that reveals the deleted part of a screenshot
Microsoft has released an update to fix a vulnerability in the screenshot editing program in Windows 10 and 11. Bleeping Computer had previously discovered that this security vulnerability, called "aCropalypse", allows individuals to recover the edited part of a screenshot, which can reveal personal information that had been cropped or hidden.
According to Microsoft, the issue (CVE-2023-28303) affects the Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. However, it applies only to images that were created, saved, edited and then saved again over the original file, and to those that were opened in the Snipping Tool, edited and saved to the same location. It does not affect screenshots that were modified before being saved, nor does it affect screenshots that were copied and pasted, for example into an email or a document. Read the full article
0 notes
Text
PSA: If you are a Pixel phone user and have posted cropped or redacted screenshots with the built-in Markup editing tool: update your shit immediately and check your social media for vulnerable screenshots
You can use the demo app here: https://acropalypse.app/ and follow the authors on twitter for more updates
74 notes
Text
I posted yesterday about the Google Pixel Markup tool bug that allows recovery of cropped portions of screenshots. And then, I found that a similar bug has been discovered in Microsoft Windows.
The Windows 11 Snipping Tool bug appears to occur if you take some action on an image file and the altered file content is smaller than the original file. The now excess 'old' file data can be recovered, though not perfectly (meaning you might recover part of the image that was cropped, but not all of it). Cropping an image is of course a common way a file might be made smaller.
Word is that the Snip & Sketch tool on Windows 10 is also vulnerable, but that the Windows 10 Snipping tool is not.
HOW TO FIX
There is not yet an official patch for this issue, though Microsoft has acknowledged they are investigating. In the meantime, per the article, "BleepingComputer also found that if you open an untruncated PNG file in an image editor, such as Photoshop, and save it to another file, the unused data at the end will be stripped off, making it no longer recoverable".
As with the Pixel bug, be aware that screenshot files made in the past could also have data recovered from them.
13 notes
Text
Windows 11 Snipping Tool also has a major vulnerability: parts of images can be recovered - Update: fixed
Original post (22-03): The 'acropalypse' security flaw recently found in Google's Pixel smartphones also turns out to apply to the Windows 11 Snipping Tool, BleepingComputer details. Images that are opened and edited with the Windows program can, after saving, be partially restored to the earlier version. It appears to concern PNG files specifically. Microsoft says in a statement to the outlet that a solution is being... http://dlvr.it/SlW5SL
0 notes
Text
“Acropalypse”, the new nightmare for Google Pixel users
0 notes
Text
Windows 11 has a flaw in its snipping tool that allows information to be recovered
The recent discovery of “Acropalypse” on Google's Pixel phones was met with great concern in the tech community. After the initial reports, IT experts confirmed that sensitive data can remain in saved files even if parts of the image have been cropped out using the crop function. Although Google is already […]
0 notes