Internet pictures can hide code that leaves you open to hacks

A pirate cat, because internet

You might want to be more cautious the next time you click on an internet image link sent by a stranger — much like the pirate cat photo you see above, that adorable picture could be hiding something sinister. Security researcher Saumil Shah has developed a security exploit that uses steganography to slip malicious JavaScript code into an image file. If you happen to view the picture in a vulnerable web browser, it opens the door to installing malware or directly hijacking your computer. And this sort of attack is definitely usable in the real world, as Motherboard found out first-hand.

The good news? The exploit only works under certain conditions. You have to upload an image without a file extension (verboten at services like Dropbox), and any site that modifies the image (such as Facebook or Google Photos) will neuter any hostile code. Still, you won’t be completely safe unless browser makers patch up. Your best solution until then is to peek solely at pictures from people and sites you trust.

[Image credit: eAlina/Getty Images]

Filed under: ,


Via: Motherboard

Source: HITBSecConf

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On