Skip to main content

How to Hack a Computer Using Just An Image 2015

Next time when someone sends you a photo of a cute cat or a hot chick than be careful before you click on the image to view — it might hack your machine.


Yes, the normal looking images could hack your computers — thanks to a technique discovered by security researcher Saumil Shah from India.

Dubbed "Stegosploit," the technique lets hackers hide malicious code inside the pixels of an image, hiding a malware exploit in plain sight to infect target victims.

Just look at the image and you are HACKED!


Shah demonstrated the technique during a talk titled, "Stegosploit: Hacking With Pictures," he gave on Thursday at the Amsterdam hacking conference Hack In The Box.

According to Shah, "a good exploit is one that is delivered in style."

Keeping this in mind, Shah discovered a way to hide malicious code directly into an image, rather than hiding it in email attachments, PDFs or other types of files that are typically used to deliver and spread malicious exploits.

To do so, Shah used Steganography — a technique of hiding messages and contents within a digital graphic image, making the messages impossible to spot with the naked eye.

Here's How to Hack digital pictures to send malicious exploits:


Until now Steganography is used to communicate secretly with each other by disguising a message in a way that anyone intercepting the communication will not realise it's true purpose.

Steganography is also being used by terrorist organisations to communicate securely with each other by sending messages to image and video files, due to which NSA officials are forced to watch Pornand much porn.

However in this case, instead of secret messages, the malicious code or exploit is encoded inside the image’s pixels, which is then decoded using an HTML 5 Canvas element that allows for dynamic, scriptable rendering of images.

The "Secret Sauce" behind Stegosploit — this is what Shah calls it.


"I don’t need to host a blog," Shah told Motherboard, "I don’t need to host a website at all. I don’t even need to register a domain. I can [just] take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate."
The malicious code, dubbed IMAJS, is a combination of both image code as well as JavaScript hidden into a JPG or PNG image file. Shah hides the malicious code within the image’s pixels, and unless somebody zoom a lot into it, the image looks just fine from the outside.


Video Demonstration:


Shah demonstrated to Lorenzo Franceschi of Motherboard exactly how his hack works. He used Franceschi’s profile picture and then prepared a demonstration video using his picture as the scapegoat.

In the first video presentation, Shah shows a step by step process on how it is possible to hide malicious code inside an image file using steganography technique. You can watch the video given below:



In the second video, Shah shows how his Stegosploit actually works. His exploit works only when the target opens the image file on his or her web browser and clicks on the picture.

You are HACKED!

Once the image is clicked, the system’s CPU shoots up to 100 percent usage, which indicates the exploit successfully worked. The malicious code IMAJS then sends the target machine’s data back to the attacker, thereby creating a text file on the target computer that says — "You are hacked!"



Shah also has programmed his malicious image to do more stealthy tasks, like downloading and installing spyware on victim’s machine, as well as stealing sensitive data out of the victim’s computer.

The bottom line here is:


You should not presume the image files as "innocent" anymore, as they can hide malicious code deep inside its pixels that could infect your computers.

Therefore, always make sure before you click on one.


Shah has been working on the research [PDF] during his spare time for almost five years, but he has not tested his technique on popular image sharing websites like Dropbox or Imgur. He also admitted that his method might not work everywhere.

SOURCE- THEHACKERNEWS
Labels:

Comments

Post a Comment

Popular Posts

Create Your Own Social Networking Site

Create Your Own Social Networking Site JCOW: Ethical Hacking Top 10 reasons to choose Jcow:- 1. Handle more traffic - Clean codes and Dynamic caching can lower the CPU load and  speed up your website. 2 Make your site more interactive - Well designed Jcow applications help you members to connect and communicate with others more effectively. 3 Add questions to the Registration Form - You can add new member fields, which will be displayed to the registration form, profile form, and the member browsing form. 4 Easily share stuff - Within the AJAX sharing Box, your members can publish status,  photos, videos, and blogs. 5 Customize and Extend your Jcow Network - A Jcow network consists of core apps(like "Friends" and "Messages") and optional apps(like "Blogs" and ""Videos"). You can enable/disable optional apps. You can also develop your own apps. 6 Every profile could be Unique - Members can customize their own profile theme and  add music play
Post a Comment
Read more

Frank Abagnale Criminal

Frank Abagnale Synopsis Frank Abagnale became notorious for impersonating a pilot, a doctor, and a laywer while in his early 20s. He was arrested at 21 by the French police, and later hired by the FBI to teach them his fradulent tricks. He started his own consultating agency, educating corporations, financial institutions and government agencies Early Life Frank Abagnale Jr. was born on April 27, 1948, in Bronxville, New York. He was one of four children born to parents Frank Abagnale Sr. and Paulette Abagnale. The couple met in Algiers during World War II, while Frank Sr. was stationed in Oran. After the war, they moved to New York, where Frank started a stationery business on Madison Avenue. Frank Jr. had a happy childhood, and was especially close to his father. When his mother decided unexpectedly to leave his father, however, the young Frank's life was turned upside-down. Not only were his siblings devastated, but so was his father, who was still very much in lov
Post a Comment
Read more

The Meaning or Definition of Personality According to Experts

Etymological Meaning of Personality - English word 'Personality' has been derived from the Latin word 'Persona'. The word 'Persona' first used in Greek for meaning of theatrical mask which the Greek actors commonly used to wear on their face before coming to the stage for acting. In this sense, in the olden days personality was meant the outward appearance of a person. Today the term personality is explained in various ways. Definitions of Personality :- Personality has been defined by different psychologists in different ways. Following are some of the definitions of personality : According to R.B. Cattell - "Personality is that which permits a prediction of what a person will do in a given situation." According to Allport - "Personality is the dynamic organization within the individual of those psychological systems that determine his unique adjustment to his environment." According to Morton Prince - "Personality
Post a Comment
Read more