Acropalypse: A Threat to Windows’ Snipping Tool

Windows Snipping Tool vulnerable to "Acropalypse"

Taking a screenshot or photo and cutting out sensitive data with the crop function is common practice for many people. However, recent findings have revealed a potential security gap in this process on both Google’s Pixel phones and Windows 11’s Snipping Tool.

Dubbed “Acropalypse,” the gap leaves parts of the cut-out information in the saved file, potentially compromising sensitive data. Although Google has already distributed an update to address this issue on its devices, an IT professional discovered that the same behavior exists in Windows 11’s Snipping Tool.

The Snipping Tool only allows basic graphic editing, such as cropping. When a cropped image is saved under the same name as the original, the file size can remain unchanged instead of decreasing. This behavior, which is easy to reproduce, occurs because the data in the existing file beyond the newly saved section is retained.

Upon examination with a hex editor, it was discovered that saving an already existing file in this way placed the PNG end marker, IEND, in the middle of the file, followed by data that was previously contained within the original file. This retention of data can lead to potentially sensitive information being disclosed unintentionally.

Other image processing tools, such as Photoshop or GIMP, have not demonstrated this behavior. Microsoft should address this issue quickly by distributing a bug-fixed version of the Snipping Tool. Until then, users of the Snipping Tool should give files a new name to avoid mistakenly revealing sensitive information. Files already stored in this manner can be corrected by simply opening and saving them with the Windows system tool Paint.
