Cute Cat Images Could be Used to Hack Your Computer and Spy on You
Sending adorable cat images is possibly one of the most easy ways of making someone happy. What wrong could a furry animal image do to your mailbox anyway? We always end up clicking on those cute images, gifs and videos. Seems like that ease and trust humans have on cat images is about to end. Cruel.
How to hack a computer with an image:
It would be better if you think twice before clicking open that image someone sends you on your computer. Turns out it's fairly easy for cute-looking (or even the ones that aren't so cute but we suspect attacker would use cute means to make the victim fall for the trap - clever!) images to hack a computer. While some dear one might not be interested in stealing your data, it's likely that an upset acquaintance might want to spy on you.
Devised by a security research Saumil Shah, Stegosploit technique allows hackers to hide malicious code inside the pixels of an image. Note that the malicious code is NOT hidden in email attachments or other files that are typically used to delivering this kind of exploits.
Believing that "a good exploit is one that is delivered in style," Shah has found a way to hide the exploit directly inside the image rather than the mode it's being transferred through. Hiding the exploit in plain sight, this technique may result in easily infect victim's machines.
Demonstrated in a hacking conference at Amsterdam last week, Shah showed how he used Steganography to hide the malicious code inside the images. Steganography is used to hide messages and contents within a digital image with an attempt to make these messages hidden from the sight. This was traditionally used to communicate secretly by disguising messages in images. In this way, even if the image is seen by intruders or unwanted eyes, the primary content would still remain hidden.
Remember, steganography is the major reason why the folks at NSA have remained in the headlines for the past couple years thanks to their obsessive job requirements of watching porn. Terrorist organizations have used the technique to hide messages inside videos and images.
Hiding malicious code in the image files takes the game to another level. This is not the first time however that we are hearing about such kind of criminal activity. Cybercriminals have long used images to catch their prey.
The technique that Shah has devised injects the harmful code inside the pixels and then decodes then using an HTML 5 Canvas element allowing for dynamic rendering of images. Without requiring any malicious carrier, the image would do all the intended job,
"I don’t need to host a website at all. I don’t even need to register a domain. I can [just] take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate."
In a video, Shah has demonstrated, how after the victim clicks an image, target machine's CPU shoots up to 100 percent indicating that the exploit has worked. The malicious code, then sends the target's data back to the hacker. It also creates a text file on the victim's machine saying You are hacked!
Not only data, but Shah confirmed that this can also be used for more stealthy tasks including installing spyware on a target machine. Yep, those days of installing spyware through USBs are LONG gone.
This malicious code to hack a computer using images has been dubbed as IMAJS. More details on the research can be accessed here.