Internet pictures can hide code that leaves you open to hacks (update: criticism)

Jon Fingas, @jonfingas
June 1, 2015
You might want to be more cautious the next time you click on an internet image link sent by a stranger -- much like the pirate cat photo you see above, that adorable picture could be hiding something sinister. Security researcher Saumil Shah has developed a security exploit that uses steganography to slip malicious JavaScript code into an image file. If you happen to view the picture in a vulnerable web browser, it opens the door to installing malware or directly hijacking your computer. And this sort of attack is definitely usable in the real world, as Motherboard found out first-hand.

The good news? The exploit only works under certain conditions. You have to upload an image without a file extension (verboten at services like Dropbox), and any site that modifies the image (such as Facebook or Google Photos) will neuter any hostile code. Still, you won't be completely safe unless browser makers patch up. Your best solution until then is to peek solely at pictures from people and sites you trust.

Update: Web engineer Christian Bundy and others are critical of Shah's claims that this is an exploit. As Bundy explains, you'd still need a malicious website that tells your browser to run the image as a script. It's still possible that someone could send you to a seemingly innocuous image host that compromises your PC, but they can't simply upload a snapshot to a photo service and launch attacks. This is more about making it harder to spot rogue code than using the images themselves as weapons.
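The two conditions above, seen from the side of a site that hosts images, as an added example that is not from the article or from Shah's research: a hypothetical upload gate (`check_upload`) refuses extension-less or mismatched files and pins the response type, while `script_load_allowed` is a simplified model of the MIME check current browsers apply before running a response as a script. Function names, accepted types and sample bytes are assumptions made for the illustration.

```python
import os

# Accepted image types: extension -> (magic bytes, MIME type to serve).
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    ".gif": (b"GIF8", "image/gif"),
}
# Subset of the JavaScript MIME types browsers recognise.
JS_MIME = {"text/javascript", "application/javascript", "application/x-javascript"}


def check_upload(filename, data):
    """Hypothetical upload gate: returns (accepted, reason, response_headers)."""
    ext = os.path.splitext(filename)[1].lower()
    if not ext:
        return False, "no file extension", {}
    if ext not in SIGNATURES:
        return False, "extension not allowed", {}
    magic, mime = SIGNATURES[ext]
    if not data.startswith(magic):
        return False, "content does not match extension", {}
    # Pin the type on the server side and tell the browser not to sniff.
    return True, "ok", {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}


def script_load_allowed(headers):
    """Simplified model of a browser deciding whether <script src> may run a response."""
    mime = headers.get("Content-Type", "").split(";")[0].strip().lower()
    nosniff = headers.get("X-Content-Type-Options", "").strip().lower() == "nosniff"
    if nosniff:
        return mime in JS_MIME
    # Without nosniff, media types and text/csv are still refused as scripts.
    return not (mime.startswith(("image/", "audio/", "video/")) or mime == "text/csv")


# Constructed sample input: a PNG signature followed by filler bytes.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name in ("cat", "cat.png", "cat.gif"):
        ok, reason, headers = check_upload(name, SAMPLE_PNG)
        print(name, ok, reason, script_load_allowed(headers) if ok else "-")
    # Assumption: an extension-less file served with a generic type and no nosniff.
    print(script_load_allowed({"Content-Type": "application/octet-stream"}))
```

The gate does not look for hidden code in the pixels; it only ensures the file is stored and served as an image, so a page that points a script tag at it gets a response the browser will not execute.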

[Image credit: eAlina/Getty Images]
