Skip to main content

How to Hack a Computer Using Just An Image 2015

Next time when someone sends you a photo of a cute cat or a hot chick than be careful before you click on the image to view — it might hack your machine.


Yes, the normal looking images could hack your computers — thanks to a technique discovered by security researcher Saumil Shah from India.

Dubbed "Stegosploit," the technique lets hackers hide malicious code inside the pixels of an image, hiding a malware exploit in plain sight to infect target victims.

Just look at the image and you are HACKED!


Shah demonstrated the technique during a talk titled, "Stegosploit: Hacking With Pictures," he gave on Thursday at the Amsterdam hacking conference Hack In The Box.

According to Shah, "a good exploit is one that is delivered in style."

Keeping this in mind, Shah discovered a way to hide malicious code directly into an image, rather than hiding it in email attachments, PDFs or other types of files that are typically used to deliver and spread malicious exploits.

To do so, Shah used Steganography — a technique of hiding messages and contents within a digital graphic image, making the messages impossible to spot with the naked eye.

Here's How to Hack digital pictures to send malicious exploits:


Until now Steganography is used to communicate secretly with each other by disguising a message in a way that anyone intercepting the communication will not realise it's true purpose.

Steganography is also being used by terrorist organisations to communicate securely with each other by sending messages to image and video files, due to which NSA officials are forced to watch Pornand much porn.

However in this case, instead of secret messages, the malicious code or exploit is encoded inside the image’s pixels, which is then decoded using an HTML 5 Canvas element that allows for dynamic, scriptable rendering of images.

The "Secret Sauce" behind Stegosploit — this is what Shah calls it.


"I don’t need to host a blog," Shah told Motherboard, "I don’t need to host a website at all. I don’t even need to register a domain. I can [just] take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate."
The malicious code, dubbed IMAJS, is a combination of both image code as well as JavaScript hidden into a JPG or PNG image file. Shah hides the malicious code within the image’s pixels, and unless somebody zoom a lot into it, the image looks just fine from the outside.


Video Demonstration:


Shah demonstrated to Lorenzo Franceschi of Motherboard exactly how his hack works. He used Franceschi’s profile picture and then prepared a demonstration video using his picture as the scapegoat.

In the first video presentation, Shah shows a step by step process on how it is possible to hide malicious code inside an image file using steganography technique. You can watch the video given below:



In the second video, Shah shows how his Stegosploit actually works. His exploit works only when the target opens the image file on his or her web browser and clicks on the picture.

You are HACKED!

Once the image is clicked, the system’s CPU shoots up to 100 percent usage, which indicates the exploit successfully worked. The malicious code IMAJS then sends the target machine’s data back to the attacker, thereby creating a text file on the target computer that says — "You are hacked!"



Shah also has programmed his malicious image to do more stealthy tasks, like downloading and installing spyware on victim’s machine, as well as stealing sensitive data out of the victim’s computer.

The bottom line here is:


You should not presume the image files as "innocent" anymore, as they can hide malicious code deep inside its pixels that could infect your computers.

Therefore, always make sure before you click on one.


Shah has been working on the research [PDF] during his spare time for almost five years, but he has not tested his technique on popular image sharing websites like Dropbox or Imgur. He also admitted that his method might not work everywhere.

SOURCE- THEHACKERNEWS
Labels:

Comments

Post a Comment

Popular Posts

Create Your Own Social Networking Site

Create Your Own Social Networking Site JCOW: Ethical Hacking Top 10 reasons to choose Jcow:- 1. Handle more traffic - Clean codes and Dynamic caching can lower the CPU load and  speed up your website. 2 Make your site more interactive - Well designed Jcow applications help you members to connect and communicate with others more effectively. 3 Add questions to the Registration Form - You can add new member fields, which will be displayed to the registration form, profile form, and the member browsing form. 4 Easily share stuff - Within the AJAX sharing Box, your members can publish status,  photos, videos, and blogs. 5 Customize and Extend your Jcow Network - A Jcow network consists of core apps(like "Friends" and "Messages") and optional apps(like "Blogs" and ""Videos"). You can enable/disable optional apps. You can also develop your own apps. 6 Every profile could be Unique - Members can customize their own profile theme and  add music play...
Post a Comment
Read more

Latest Notepad Tricks 2015 !!

By these  Latest Notepad Tricks 2015   you will be having great fun. You just need is to copy the code from here and paste in the notepad and save it with extension “ .bat ” .  1 Notepad trick to Test Antivirus :- By using these trick you can easily test your antivirus working perfectly or not. X5O!P%@AP[4PZX54(P^) 7CC)7}$EICAR-STANDARD- ANTIVIRUS-TEST-FILE!$H+H* save it as test.exe and run the file and check if your antivirus detects it then your antivirus working perfectly otherwise change your antivirus. 2 Make A Personal Log-Book or A Diary :- Copy the below code and paste it in notepad and save it as “ log.txt”. .LOG Now every time you open this log file you will have all the log details with date and time. 3 Constantly Repeat Any Messages :-  This is one of the  Latest Notepad tricks  that will repeat any of messages on computer screen repeatedly.Just copy the below code and paste in the notepad and save it as “ message.bat”. @ECHO off...
Post a Comment
Read more

Selecting a minister who is prime: The British Elections

 #10 Downing Street is the British equivalent, in London, of our White House. And there is a mad scramble among seven contenders to sit in it. n the United Kingdom, for the first time in five years, the people are going to the polls. It will happen two weeks from today, and the country with a population just shy of 70 million, a nation that has been out greatest ally almost since the day after we whipped them in our great Revolutionary War and sent them packing, except for the unpleasant time they burned down Washington DC of course, does things a bit differently than we do.  Current Prime Minister, David Cameron They have no president, and what they have, the prime minister, is not elected like our president is. In fact, in the House of Commons, their lower, popularly elected house of 650 members, the people cast the votes for the members of some seven to twelve different parties. The party that gets the most votes usually will then be asked by the Queen to form a government. And t...
Post a Comment
Read more