Security researchers have discovered a bug in the Snipping Tool in Microsoft’s Windows OS that poses a threat to privacy. If exploited, the bug can be used to partially or fully recover cropped or blurred-out images.
If you’ve used the Snipping Tool on your Galaxy laptop running Windows to crop or blur out images before sharing them, those bits of information you thought were left out can technically be recovered through this exploit dubbed “aCropalypse.” Of course, this issue is not limited to Galaxy notebooks but seems to affect the Snipping Tool in any device that runs Windows.
What’s more, this bug behaves much the same as an Android OS exploit that affected Google Pixel phones before the issue was addressed with the release of the March 2023 security patch. (via Tweakers) The bug was discovered by software engineer Chris Blume and confirmed by researcher David Buchanan.
The recovery exploit works because the Snipping Tool doesn’t delete bits of information when users crop or blur parts of the image. In a way, this is reminiscent of deleting files on a hard drive. When users delete files in Windows OS, the data at that physical location is not erased; the space is only flagged as available for other files to overwrite. Unless new data overwrites the old data, the latter can be recovered.
Similarly, the Snipping Tool doesn’t seem to delete parts of saved images that have been cropped or blurred out. As a result, these bits of the image can be recovered, reportedly with minimal effort.
Google addressed the issue on its Pixel phones with the release of the March 2023 security update. Microsoft has yet to release a fix or a statement, which means that Windows machines — including the new Galaxy Book 3 series from Samsung — still use this bugged-out Snipping Tool that can be exploited to recover images seemingly out of nothing.