Monday May 21, 2018
Home Science & Technology Attention! No...

Attention! Now viewing an image online could hack into your computer

0
//
65
Republish
Reprint

saumil_photo_square_400x400

 

 

By NewsGram Staff Writer

Who would have thought that an innocent looking image file might prove to be a disastrous intruder in your personal computer?

In the new age digital world, inventions and discoveries have to be scrutinized in and out to find out their hidden attributes. One can’t be sure if a discovery is ever entirely beneficial or not.

As reported by motherboard.vice.com, Saumil Shah, a security researcher from India has devised a technique called “Stegosploit”    through which a hacker could hide malicious code inside the picture’s pixels. The technique that he has put to use is known  as ‘steganography’. It consists of stashing secret text or images in a different text or images.

Shah calls it the “magic sauce” behind Stegosploit. In this case, the malicious code or exploit is encoded inside the picture’s pixels, and it’s then decoded using an HTML 5 element called Canvas, which allows for dynamic rendering of images.

“I don’t need to host a blog, I don’t need to host a website at all. I don’t even need to register a domain,” Shah told Motherboard, during the demo last week. “I can take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate.”

 

The malicious code, which Shah calls “IMAJS,” is a mix of image code and javascript hidden into a JPG or PNG file. Shah hides the code within the picture’s pixels, and from the outside, unless you zoom a lot into it, the picture looks just fine.

Admitting that the technique might not work everywhere, Shah adds that he, himself hasn’t fully tested his technique on known image sharing sites such as Imgur or Dropbox,. The malicious file has to be uploaded without an extension for the browser to be tricked into rendering it, and some sites, such as Dropbox, don’t allow that. Moreover sites like Facebook reprocess the images when they are uploaded, causing the loss of the malicious code, according to Shah.

Still, Shah believes it’s just a matter of time and that “these techniques are coming, sooner or later.”

Click here for reuse options!
Copyright 2015 NewsGram

Next Story

Black Box: A Chip That Makes Hacking Impossible

In an era of Machine Learning (ML)-enabled hacking, in which Artificial Intelligence (AI) technology is trained to "learn" and model inputs and outputs, a new chip-based technology termed as a "black box" can thwart hackers' plans, say researchers.

0
//
16
Due to its nature, the chip is physically unclonable and can, thus, render the device invulnerable to hijacking, counterfeiting or replication by cyber-criminals
Representational image. Pixabay

In an era of Machine Learning (ML)-enabled hacking, in which Artificial Intelligence (AI) technology is trained to “learn” and model inputs and outputs, a new chip-based technology termed as a “black box” can thwart hackers’ plans, say researchers.

According to Computer Science Professor Dmitri Strukov from the University of California-Santa Barbara, he and his team were looking to put an extra layer of security on devices.

The result is a chip that deploys “ionic memristor” technology.

Key to this technology is the memristor, or memory resistor — an electrical resistance switch that can “remember” its state of resistance based on its history of applied voltage and current.

With ML, an attacker doesn't even need to know what exactly is occurring as the computer is trained on a series of inputs and outputs of a system
Due to its nature, the chip is physically unclonable and can, thus, render the device invulnerable to hijacking, counterfeiting or replication by cyber-criminals. pixabay

A circuit made of memristors results in a “black box” of sorts, as Strukov called it, with outputs extremely difficult to predict based on the inputs.

“You can think of it as a black box. Due to its nature, the chip is physically unclonable and can, thus, render the device invulnerable to hijacking, counterfeiting or replication by cyber-criminals,” said Strukov in a paper which appeared in the journal Nature Electronics.

With ML, an attacker doesn’t even need to know what exactly is occurring as the computer is trained on a series of inputs and outputs of a system.

Due to its nature, the chip is physically unclonable and can, thus, render the device invulnerable to hijacking, counterfeiting or replication by cyber-criminals
Representational image. Pixabay

“For instance, if you have 2 million outputs and the attacker sees 10,000 or 20,000 of these outputs, he can, based on that, train a model that can copy the system afterwards,” said Hussein Nili, the paper’s lead author.

The “memristive black box” can circumvent this method of attack because it makes the relationship between inputs and outputs look random enough to the outside world even as the circuits’ internal mechanisms are repeatable enough to be reliable.

Also Read: Motorola Foldable Phone Concept Opens up Into a Tablet

“If we scale it a little bit further, it’s going to be hardware which could be, in many metrics, the state-of-the-art,” Strukov noted. (IANS)