Tag: Pixel

Categories
Mobile Syrup

You can un-crop screenshots captured by the Windows 11 Snipping Tool

Earlier this month, details emerged about a flaw with Pixel phones’ Markup tool for editing screenshots. Dubbed ‘aCropalypse,’ the flaw allowed malicious actors to restore some or all of a cropped or redacted image.

Now it appears Windows 11 is impacted by a similar flaw.

Developer Chris Blume uncovered that the Windows 11 Snipping Tool is vulnerable to a similar exploit as was used for aCropalypse and shared the finding with Simon Aarons, one of the reverse engineers who discovered aCropalypse, on Twitter.

Bleeping Computer verified the exploit with David Buchanan, the other reverse engineer behind aCropalypse, and found that a slightly modified version of the script Buchanan made to extract hidden info from an edited Pixel screenshot worked on the Windows 11 Snipping Tool.

As with Pixel’s Markup software, the Snipping tool doesn’t completely erase unused parts of the PNG image data, such as parts of the image that are cropped out. This data can be partially or fully recovered.

However, it’s worth noting that the problem doesn’t impact all PNG files captured with the Snipping Tool, with optimized images being among those unaffected. Moreover, JPEG files also leave behind data, but so far, the exploit isn’t known to work with that file format. Finally, images that have been saved as another file in an image editing tool should be safe as well.

Microsoft told Bleeping Computer it was “aware of these reports and [is] investigating,” and it will take necessary action to protect users.

The flaw doesn’t appear to impact the Windows 10 Snipping Tool. Moreover, Buchanan isn’t publishing the modified scripts for the Windows 11 Snipping Tool since Microsoft hasn’t had a chance to patch it.

Meanwhile, Windows 11 users will want to be careful with what they capture using the Snipping Tool and where they share images. The main concern here is that someone might capture sensitive information in a screenshot and crop it out, but a malicious actor could restore the information using the modified aCropalypse script.

It’s worth noting that Google already pushed out a patch for aCropalypse to Pixel phones, but it doesn’t fix screenshots captured before the update.

Source: Chris Blume, David Buchanan, Bleeping Computer, Via: Engadget

Categories
Mobile Syrup

Pixel users could get separate ring, notification volume in Android 14

The second Android 14 Developer Preview has been out for a little bit now, but people are still uncovering new features and tweaks. One such discovery is that Android 14 splits the ring and notification volume levels, letting users have a loud ringtone for incoming calls and quiet notifications for emails and texts.

Of course, if you don’t use a Pixel, this is something you’ve likely had access to for a while (and even older Pixels offered this feature before Google did away with it). For example, Samsung smartphones offer separate ring and notification volume controls.

While certainly not a major change, it is a nice quality-of-life adjustment for anyone over the age of 50 who doesn’t keep their phone on vibrate.

Android expert Mishaal Rahman tweeted that Google has been working on separating ring and notification volumes for a little while, with the feature appearing in the Android 13 QPR2 beta. However, in the 13 QPR2 beta, users needed to enable a flag to get the separated volumes. Based on the reports about Android 14 DP2, the feature just turned on, with Rahman writing that it looks like Google toggled the flag remotely.

It will be interesting to see if the volume separation is enabled in the Android 13 QPR3 beta. If it is, then the change could hit devices as part of the June 2023 Pixel Feature Drop. Otherwise, ring and notification volumes might remain together until Android 14 arrives.

Source: @MishaalRahman Via: Android Police

Categories
Mobile Syrup

Exploit with Pixel screenshot editor lets you un-crop images

The March security update that rolled out earlier this month included some fixes for major vulnerabilities on Google’s Pixel smartphone line.

There was a patch for an exploit with Samsung-made modems that could allow attackers to access data like phone calls or text messages using only the victim’s phone number. However, that wasn’t the only major vulnerability. The March update also includes a fix for a high-severity flaw with the Pixel Markup tool for editing screenshots. In short, the flaw leaves data in the image file that could allow malicious actors to partially restore images that were cropped or edited.

Dubbed ‘aCropalypse,’ details emerged over the weekend courtesy of Simon Aarons and David Buchanan, reverse engineers who uncovered the flaw. Aarons posted an image showing how aCropalypse can be used to recover an image on Twitter — the image shows a cropped, redacted photo of a credit card shared in a chat, and then the recovered image that includes the unredacted credit card number. Meanwhile, Buchanan posted a blog post with a technical breakdown of the exploit — if you’re curious how, exactly, aCropalype works, it’s worth a read.

The flaw has existed for about five years. Markup was released in 2018 as part of Android 9 Pie, so it seems like aCropalypse has been around basically since the beginning. Although the March security patch fixes the problem for future images, edited screenshots taken prior to the patch are still vulnerable.

However, it’s hard to say just how worried Pixel owners should be. Aarons and Buchanan have a FAQ page coming — though at the time of writing, it wasn’t live — that should help explain some of the details. One important piece of information the duo shared with The Verge and 9to5Google is that some websites, like Twitter, process images in such a way that they aren’t vulnerable to aCropalypse. Not everything is like this, though — the pair pointed out Discord as an example, which didn’t patch out the vulnerability until January 17th.

With that in mind, it’s probably best to assume any screenshot you’ve taken and edited on a Pixel phone in the last five or so years could be reverse-engineered to recover the edited parts of the image.

Moreover, the March patch only rolled out to the Pixel 4a, 5a, 7 and 7 Pro, with the update delayed for the Pixel 6 series (though it’s supposed to roll out on March 20th).

You can learn more about the aCropalypse exploit here or try a demo of it here.

Source: Aarons, Buchanan, Via: The Verge

Categories
Mobile Syrup

Samsung, Pixel devices vulnerable to exploits that expose calls and texts

Google’s ‘Project Zero,’ an in-house team of cybersecurity experts and analysts, warned in a new blog post of 18 different potential exploits in some phones using Samsung’s Exynos modems. That includes devices from Samsung, Vivo and Google’s own Pixel line (more on the specific devices below).

Project Zero warns that the exploits are severe and should be treated as zero-day vulnerabilities — the term ‘zero-day’ refers to recently-discovered exploits that software makers and manufacturers have zero days to fix. The exploits could allow malicious actors to compromise a device just by knowing the associated phone number, and the device’s owner wouldn’t notice a thing.

Specifically, four of the 18 exploits could allow a malicious actor to gain access to the data coming in and out of a device’s modem using just the phone number. That data includes things like phone calls and text messages. Particularly concerning is that this could be done remotely, while some of the other vulnerabilities would require local access to a device.

Project Zero recommends that people with affected devices install upcoming security updates as soon as possible to protect themselves from the vulnerability, though when those updates will arrive varies by manufacturer. Google included a patch for some of the flaws in its March 2023 security update for Pixel phones, for example. Impacted devices include:

  • Samsung phones including the Galaxy S22 series, the Galaxy M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04
  • Vivo phones including the S16, S15, S6, X70, X60 and X30
  • Google Pixel 6 and 7 series
  • Wearables using the Exynos W920 chipset
  • Vehicles that use the Exynos Auto T5123 chipset

Those with an affected device will want to take a few steps to mitigate risks until patches arrive. Project Zero advises people to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) — you should be able to find both of these in the Settings menu under Network & internet > SIMs, though the exact location may vary from device to device.

Project Zero reported the exploits to manufacturers in late 2022 and early 2024, but the team withheld publication for four other vulnerabilities due to the ongoing severity.

Source: Project Zero Via: CNET

Categories
Mobile Syrup

All Google One subscription tiers now get VPN access

Google One subscribers who aren’t on the service’s ‘Premium’ tier will get access to Google’s VPN service.

The search giant announced in a blog post that the VPN will be available to all Google One subscribers, even though on the company’s $2.79/mo ‘Basic’ plan. Previously, you needed to subscribe to the $13.99/mo Premium tier to get VPN access.

The change applies to all countries where Google VPN is available, which includes Canada. You can find a full list here. To access Google VPN, you’ll need to download the Google One app from the app store on your Android smartphone or iPhone. At the time of writing, I didn’t have access to the VPN despite being subscribed to the Standard plan. Google says the feature will roll out “over the next few weeks.”

It’s worth noting that Pixel 7 and 7 Pro owners still get access to Google VPN for free without needing to subscribe to Google One. While that’s good for Pixel owners, I also imagine most Pixel owners subscribe to Google One, so the VPN benefit is basically moot now.

Google also announced One subscriber in the U.S. can get a feature called ‘Dark web report.’ This can scan the dark web for your personal information and warn you if your information was compromised, though you need to provide the info to Google first so it can look for it. It remains to be seen if this expands to more locations in the future.

In Canada, Google one starts at $2.79/mo and goes all the way up to $35.99/mo:

  • Basic (100GB) – $2.79/mo | 27.99/year
  • Standard (200GB) – $3.99/mo | $39.99/year
    Premium (2TB) – $13.99/mo | $139.99/year
    Premium (5TB) – $35.99/mo | $359.99/year

Source: Google Via: The Verge

Categories
Mobile Syrup

Fix for YouTube video causing Pixel crash to roll out in March

We recently reported about a bug that causes the Pixel 6 and 7 series to crash and reboot.

The bug in question involves playing a specific YouTube video, after which the Pixel device automatically crashes and soft-reboots, sometimes resulting in users losing cellular connectivity for a few minutes. The issue first surfaced in a Reddit post made by ‘OGPixel5‘ on Sunday, February 26th.

Now, as first shared by 9to5Google, Google has confirmed that it knows about the problem and is working on a fix. The issue will reportedly be addressed in the March Pixel update.

Google didn’t share details about what’s causing the problem. Back in 2020, an image surfaced on Reddit that caused Android smartphones to crash when it was set as the phone wallpaper. The reasoning behind the crash was that the device was reading the colour space used in the photo incorrectly. The result is that a specific value at a certain point exceeds its defined maximum, which leads to an ‘out-of-bounds exception’ and crashes the System UI. It is unclear if the YouTube video crash is because of the same issue.

Further, according to 9to5Google, the problem seems to be less prominent on Pixel devices running the Android QPR Beta and Android 14 Developer Preview 1. If you’re not on one of those two builds, it would be prudent to refrain from playing the video. A video of the glitch in action can be found below:

Source: 9to5Google

Categories
Mobile Syrup

Android 14 includes in-development features to convert, transfer eSIMs

Android 14 may pave the way for other smartphone makers to follow Apple in going all-in on eSIM.

For those unfamiliar with eSIM, it’s a smartphone technology that replaces the need for a physical SIM card, meaning no need for a SIM card tray in your phone. Unsurprisingly, there are pros and cons to this — eSIMs enable less waste and some proponents have suggested eSIMs could reduce carrier control over customers by making it easier to switch providers. However, restrictive activation practices and other complications have prevented that from being the case.

For years, most smartphones have offered both eSIM and physical SIM options, but Apple removed the physical SIM on its iPhone 14 line in the U.S., for better and worse. (Here in Canada, the iPhone 14 line still offers a physical SIM card).

However, the first developer preview of Android 14 includes an updated Settings app with new options for eSIM. As spotted by Mishaal Rahman, senior technical editor at Esper, the new settings app contains an option called ‘Convert to eSIM’ (via Android Police). Although not totally clear, it seems this would convert a physical SIM card into an eSIM. The related settings page appears to still be in development and only shows up in search.

Moreover, Rahman says Android 14 DP1 preps an option to transfer eSIMs between different devices. However, these new settings options don’t work on their own and require additional resources. Rahman found the resources in the pre-installed SIM manager app that Pixel phones use for various background SIM card and network-related features. Android Police noted these resources were added as early as the second Android 13 QPR2 beta in January.

On the surface, these improvements sound like they could address some of the pain points of eSIM, but Rahman notes that carriers will need to support activating newly created eSIMs — given how carriers are, I’m sure you can guess how this will go. Similarly, transferring an eSIM from one device to another isn’t part of the eSIM spec, so it’s not clear whether this will be a Pixel-specific feature or if it will work for Android devices in general. The iPhone has a similar issue where it can transfer eSIMs from iPhone to iPhone, but not to or from Android.

You can learn more about Android 14 DP1 here.

Source: Mishaal Rahman Via: Android Police

Categories
Mobile Syrup

The Pixel 7 Pros have an issue with buttons falling off

Throughout the years, we’ve seen a lot of problems with Google’s Pixel smartphones, so another Pixel 7 Pro issue isn’t all that weird. Now, an Android Central writer has noticed that the volume rocker has popped off his Pixel 7 Pro.

According to AC, people have been complaining about this issue since the launch of the Pixel 7 back in October, but a lot of the complaints came around New Year’s. Complaints have hit the Google Support Forums and Reddit about others who have had this issue.

It’s unclear if this is only a Pixel 7 Pro issue, but many people complaining are owners of the larger flagship. This seems to be a manufacturer’s defect, but it also can be considered wear and tear, so hopefully, this issue is covered under warranty.

I haven’t had this issue, nor has MobileSyrup‘s Jon Lamont, who has a Pixel 7.

The phone also has other issues, like how easy it is to scratch, which I noticed during my first week of reviewing.

Let us know in the comments below if you’ve had this issue.

Source: Android Central

Categories
Mobile Syrup

Google working on lock screen customization, shortcuts for Android 13

Google appears to be working on improving the lock screen customization options for Pixel phones.

Mishaal Rahman, senior technical editor for Esper, shared several glimpses of the work-in-progress changes in a recent tweet thread (via Android Police). Rahman was able to find most of the details in the third Android 13 QPR2 beta.

First up, Rahman detailed a new preview user interface (UI) for picking a wallpaper and style. This includes a new fullscreen preview and some other tweaks. However, Rahman notes it appears unfinished (he suspects Google is making room for several upcoming customization options like custom clocks and lock screen shortcuts).

Rahman then shared a look at the lock screen shortcuts feature, which lets users assign functions to a left and right button. Some of the functions visible in the screenshots include turning on the flashlight, do not disturb, and smart home device controls. There’s also an option to pick a custom lock screen clock, and Rahman points to a Twitter thread he made in mid-January about the new clock options.

To activate the new lock screen shortcuts, Rahman says you have to long-press them instead of simply tapping them, which should help reduce accidental activations.

Overall, it looks like a future Android update will enable a ton of customization options on Pixel phones, bringing them more in line with Samsung and Apple — both companies offer ways to customize your lock screen.

Android Police suggests the features will arrive with the next Pixel Feature Drop, which should release in March 2023.

Source: @MishaalRahman Via: Android Police

Categories
Mobile Syrup

You can now set a custom alarm sound on your Pixel phone

Not happy with the plethora of alarm sounds available on your Pixel phone? Not sated by pulling songs from streaming services like Spotify or YouTube Music? Well, now you can record your own wake-up sounds for the ultimate morning experience.

As spotted by XDA Developers via (The Verge), the Android Clock app on Pixel phones now has the option to record an alarm sound. While the Clock app can be downloaded on any Android phone, the recording feature seems limited to Pixel phones since it relies on the Pixel-exclusive Recorder app.

To access the feature, head into the Clock app and either create a new alarm or tap on an existing alarm. Then, tap the alarm sound — look for a bell icon with text that says “Default (Bright Morning)” (although the text might change depending on the default alarm sound for your device or if you’ve previously changed the alarm sound).

You’re then greeted with the screen for selecting an alarm, and you should see a ‘Record new’ option at the top under the ‘Sounds’ menu. Tapping that sends you to the Recorder app to record a sound.

It’s worth noting that it was possible to set custom alarm sounds before this, but it was certainly less convenient. The process involved copying the files over with a file manager app and adding them to the alarm sound settings. This new feature is far, far easier — so easy that I might just set a custom alarm sound for myself.

Source: XDA Developers Via: The Verge