Saturday April 21, 2018
Home Science & Technology Attention! No...

Attention! Now viewing an image online could hack into your computer

0
//
63
Republish
Reprint

saumil_photo_square_400x400

 

 

By NewsGram Staff Writer

Who would have thought that an innocent looking image file might prove to be a disastrous intruder in your personal computer?

In the new age digital world, inventions and discoveries have to be scrutinized in and out to find out their hidden attributes. One can’t be sure if a discovery is ever entirely beneficial or not.

As reported by motherboard.vice.com, Saumil Shah, a security researcher from India has devised a technique called “Stegosploit”    through which a hacker could hide malicious code inside the picture’s pixels. The technique that he has put to use is known  as ‘steganography’. It consists of stashing secret text or images in a different text or images.

Shah calls it the “magic sauce” behind Stegosploit. In this case, the malicious code or exploit is encoded inside the picture’s pixels, and it’s then decoded using an HTML 5 element called Canvas, which allows for dynamic rendering of images.

“I don’t need to host a blog, I don’t need to host a website at all. I don’t even need to register a domain,” Shah told Motherboard, during the demo last week. “I can take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate.”

 

The malicious code, which Shah calls “IMAJS,” is a mix of image code and javascript hidden into a JPG or PNG file. Shah hides the code within the picture’s pixels, and from the outside, unless you zoom a lot into it, the picture looks just fine.

Admitting that the technique might not work everywhere, Shah adds that he, himself hasn’t fully tested his technique on known image sharing sites such as Imgur or Dropbox,. The malicious file has to be uploaded without an extension for the browser to be tricked into rendering it, and some sites, such as Dropbox, don’t allow that. Moreover sites like Facebook reprocess the images when they are uploaded, causing the loss of the malicious code, according to Shah.

Still, Shah believes it’s just a matter of time and that “these techniques are coming, sooner or later.”

Click here for reuse options!
Copyright 2015 NewsGram

Next Story

Cybercrimes cost businesses $600 billion globally: McAfee report

Cybercrime losses are greater in richer countries; however, the countries with the greatest losses are mid-tier nations that are digitised but not yet fully capable of cybersecurity, the report noted.

0
//
32
Russia, North Korea and Iran are the most active in hacking financial institutions, while China is the most active in cyber espionage.
Hackers are usig new techniques to rob users' data and money. Wikimedia Commons

Cybercrimes have cost businesses close to $600 billion globally — or 0.8% the global GDP — which is up from $445 billion reported three years back, a report said on Thursday.

The report by the global cybersecurity firm McAfee, prepared along with the Centre for Strategic and International Studies (CSIS), said that over the last three years, cybercriminals have quickly adopted new technologies to ease the process of engaging in cybercrimes.

“Ransomware-as-a-Service Cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement,” Steve Grobman, Chief Technology Officer for McAfee, said in a statement.

Also Read: Indian companies more prone to cyber attacks

“Add to these factors cryptocurrencies that ease rapid monetisation, while minimising the risk of arrest, and you must conclude that the $600 billion cybercrime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy,” he added.
The report, titled “Economic Impact of Cybercrime — No Slowing Down”, said that banks remain the favourite target for cybercriminals.

McAfee, Inc. is an American global computer security software company.
McAfee, Inc. is an American global computer security software company. Wikimedia Commons

Russia, North Korea and Iran are the most active in hacking financial institutions, while China is the most active in cyber espionage.

“Our research bore out the fact that Russia is the leader in cybercrime, reflecting the skill of its hacker community and its disdain for Western law enforcement,” said James Lewis, Senior Vice President at CSIS.

“North Korea is second in line, as the nation uses cryptocurrency theft to help fund its regime, and we’re now seeing an expanding number of cybercrime centres, including not only North Korea but also Brazil, India and Vietnam,” Lewis added.

Cybercrime losses are greater in richer countries; however, the countries with the greatest losses are mid-tier nations that are digitised but not yet fully capable of cybersecurity, the report noted. (IANS)

Next Story