The Android Photo Hack: A Photo Says More Than a Thousand Commands

Most people have heard the story of the Trojan horse, and we’ve learned its lesson: don’t trust gifts from strangers. Today no one would use a giant horse statue, except perhaps a few pranksters with a bad sense of humor, but similar tricks exist in digital form. People are wary of unfamiliar .exe files and sudden pop-up ad downloads, and they trust more familiar files like .jpg. But the latest incarnation of the Trojan horse is malicious code that can hide in images and allow cybercriminals to take over Android devices.

Google has moved quickly and has already issued an Android update. Once the update is installed on a device, the loophole is closed. Another positive point is that this tactic is not widespread; it was discovered by cybersecurity researcher Tim Strazzere. So, ultimately, photo hacking is not a widespread threat. However, people should be cautious and stay informed. Understanding how cybercriminals operate is the first step in knowing how to stay safe online.

Truth be told, hiding malicious code inside other kinds of files isn’t a new tactic. Criminals have devised all sorts of scams. Infected Microsoft Word documents have been found; when users open these files on their PCs, malware is installed to steal sensitive information. The photo method is the latest example of this approach.

What’s unique about this case is the warning that attackers can get in even if the image is never tapped or opened. Here is a brief rundown of the technical details to explain how. When photos are sent to your Android device, some of their data is processed before the user opens the file. In computer science terms this is known as parsing: unpacking and separating information. Smartphones need to know what data to process when users open a file, but they must first read other data to understand what type of file it is. That’s why cybercriminals can pack in secret instructions that are triggered when the device retrieves the file.
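To make the parsing step concrete, here is an added Python example (not from the original article and not Android's code; the article does not describe the flaw itself). It walks the header segments of a JPEG and checks every length the file declares against the real file size before using it. The function names and sample bytes are constructed for the illustration.

```python
import struct

class MalformedImage(ValueError):
    """Raised when the file's own metadata does not fit the actual bytes."""

def walk_jpeg_segments(data: bytes):
    """Return [(marker, payload_length)] for the header segments of a JPEG.

    Every length field comes from the untrusted file, so each one is
    validated against the real buffer size before it is used.
    """
    if data[:2] != b"\xff\xd8":
        raise MalformedImage("missing start-of-image marker")
    segments, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise MalformedImage(f"no valid marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:  # end of image: carries no length field
            break
        if pos + 4 > len(data):
            raise MalformedImage("truncated segment header")
        (declared,) = struct.unpack(">H", data[pos + 2:pos + 4])
        # The length counts its own two bytes, so anything below 2 is invalid.
        if declared < 2:
            raise MalformedImage("segment length below minimum")
        end = pos + 2 + declared
        if end > len(data):
            raise MalformedImage("segment length runs past end of file")
        segments.append((marker, declared - 2))
        if marker == 0xDA:  # start of scan: compressed pixel data follows
            break
        pos = end
    return segments

def is_well_formed(data: bytes) -> bool:
    """True only if every header segment fits inside the file."""
    try:
        walk_jpeg_segments(data)
        return True
    except MalformedImage:
        return False

# Constructed sample files: one consistent, one whose metadata segment
# claims to be far larger than the file that contains it.
GOOD = b"\xff\xd8\xff\xe1" + struct.pack(">H", 8) + b"Exif\x00\x00" + b"\xff\xd9"
OVERLONG = b"\xff\xd8\xff\xe1" + struct.pack(">H", 0xFFFF) + b"Exif\x00\x00"

if __name__ == "__main__":
    print(walk_jpeg_segments(GOOD), is_well_formed(OVERLONG))
```

All of this runs on the file's metadata alone, before any pixel is decoded or shown, which is why a parser has to treat every field as untrusted input.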

What happens next? Well, malware can “lock” the user’s device, rendering it unusable. Cybercriminals then gain remote access to the smartphone. With all the sensitive information our devices now hold, criminals can get quite a bit: financial details, passwords and online accounts, as well as emails. Criminals could even use the phone’s apps to their advantage, and to the user’s detriment.

Remember, Google has already issued an Android update to combat this, so there’s no need to panic. There are several deceptive threats, and the key to countering them is to be informed. This won’t be the last incarnation of the Trojan horse. But with the right security knowledge, people can stay safe in the digital age.

Cybersecurity tips

With that in mind, here are three cybersecurity tips to keep in mind:

  • Don’t overexpose yourself on social media or chat apps. For this photo trick to work on your Android device, someone has to send you an image. How do they do that? Probably through a Facebook message or another chat app. So think of security in layers: at the basic perimeter, simply don’t let people contact you. This also protects you from social media bullying.
  • Update your device as soon as possible. Large companies have cybersecurity teams working to protect their customers, but updates depend on the customers. In this case, once Google received the report, the latest Android update was tailored to address the vulnerability. Make sure to update your devices and your apps as well.
  • Be aware of where you browse and what you open. As threats evolve, cybercriminals continue to introduce malware using advanced methods. Some people may receive an email with an infected Microsoft Word document attached, while others may accidentally land on an unsafe website. Always make sure what you see on your screen is authentic. Double-check email senders. Look for the official URL. Be aware and vigilant.

Stay ahead of the latest mobile and consumer security threats by following and engaging with us @McAfee on Twitter and liking us on Facebook.
