Click to Skip Ad
Closing in...

Hackers can compromise your Android phone with a single image file

Published Feb 7th, 2019 10:31AM EST
Android Security Update
Image: YouTube

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Opening a single image in PNG format may be enough for your Android phone to be compromised by hackers, and that’s regardless of how tech-savvy you might be. That’s because a vulnerability in Android from versions 7.0 to 9.0 will allow hackers to run code on your smartphone or tablet after you’ve looked at the image. And you’d have no way of knowing you’ve been targeted.

The news comes directly from Google’s newest security update , which mentions the critical PNG vulnerability in Android:

The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

As ZDNet explains, Google declined to reveal the technical details of the exploit in an effort to mitigate the risk of attack. It’s also unclear what an attacker would be able to do with the help of this security vulnerability. Furthermore, there are no current reports of the PNG issue being exploited in the wild (which isn’t surprising considering victims likely won’t even realize they’ve been targeted), but the risk remains as long as your Android device doesn’t get the latest security updates.

Google has already patched the security issue and the patches were pushed to the Android Open Source Project (AOSP) repository. As always, make sure to update your Android device to the latest available version of Android as, and that you download the security updates as soon as you get any notifications. You can also try to limit the exposure to a potential hack by not opening any PNG files until you’ve updated your phone. Read more about the matter in Google’s February 2019 security bulletin.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.