CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones were only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

acropalypse screenshot recovery utility

I tried it on a screenshot from just a week ago. This is absolutely scary.

First image is the screenshot I saved after cropping. Second is what the demo app managed to recover.

@delroth doesn't seem to work on ones that have been shared online though. I assume because nearly every site / app will re-encode as JPEG to save space.

@delroth struggled to find one in my vastly (Jesus I need to clean that folder) overfilled screenshot folder. It's just saved the dead space.

@chrismckee depends on the app, and the size of the file for some apps. Definitely wouldn't make that bet if I had cropped e.g. credit card info or sensitive personal info.

Especially since PNGs don't usually have EXIF-style metadata so it's more common for apps to leave them alone.