Android

In what can be described as a truly mysterious phenomenon, an image of a picturesque lake, when set as wallpaper on select Samsung and Google Pixel devices, causes the phone screen and the device to go nuts.

Multiple users have verified the findings and offered speculation, yet no one knows precisely why.

Disclosed by Twitter user Ice universe (@UniverseIce), their tweet warned, "Never set this picture as wallpaper, especially for Samsung mobile phone users! It will cause your phone to crash!"


Along with the user’s video showing the persistently flickering screen, Twitter user Sebastian (@seb3153) advised that the flaw affected certain Google Pixel phones.

"Samsung has received feedback on this type of bug in mid-May and has resolved this issue. Just wait for the subsequent firmware update and do not take the risk," stated Ice universe.

In some cases, the device hangs altogether, and the only way to get it to work is a hard factory reset, using hardware buttons.

Bogdan Petrovan, Android Authority’s editor and journalist, also provided a video demonstrating the bug and stated it impacted his Google Pixel 2, but not a Huawei Mate 20 Pro.

"I tested it myself," Petrovan said. "First, foolishly, on my daily driver, the Mate 20 Pro, which doesn’t appear to be affected. I was able to replicate the issue on a Google Pixel 2. After setting the image in question as a wallpaper, the phone immediately crashed. It attempted to reboot, but the screen would constantly turn on and off, making it impossible to pass the security screen."

The original image (MD5: f96ea0f4c081b9cc15d77d547864e219 | SHA1: 24906e972db53c8b10dd630e186ce1afcfba005b) can be obtained from Google’s official bug report filed May 31st, 2020.

The image has the ICC Profile description Google/Skia/E3CADAB7BD3DE5E3436874D2A9DEE126 and can be seen below.

Wallpaper-profile.icc

For analysis, I’ve extracted and provided the complete ICC profile file. The image does not appear to contain any apparent malicious payload that could otherwise cause an image parser to malfunction.

A "personal take" as to what may cause this issue, provided by Davide Bianco to Android Authority, reads: "The main issue right here is that SystemUI only handles sRGB images for the wallpaper and doesn’t have any check against non-sRGB wallpapers. This can lead to a particular crash in the ImageProcessHelper class, as a variable used to access an array goes over the array bounds."

Bianco is referring to the getHistogram() method, and he is the developer who submitted the bug report and a proposed patch.

Meanwhile, 9to5Google developer Dylan Roussel says that his Android 11 seemed immune to the flaw:

"I also tried crafting my own broken image with photoshop or gimp, but SysUI always converted the image to the safe color space, leading to no crash (but a loss of colors ofc)," stated Roussel. "I even tried extracting the broken image color profile and using it in a new image, but still couldn’t get SysUI to crash."

Further updates provided by developers Romain Guy and Mishaal Rahman indicate that the cause of the bug is actually a rounding issue in the ImageProcessHelper class and has nothing to do with the concept of “safe color space.”

The new findings were also accepted by Roussel, in a tweet. 

The “internal matrix calculation” rounds up (similar to the ceiling function) the decimal values of R, G, B. When summed, these rounded-up values could very well exceed the array size in some cases, leading to an array index out-of-bounds error that crashes the application.
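The arithmetic described above, as an added example that is not SystemUI's code or anything from the bug report. It assumes a 256-bin histogram and Rec. 709 luminance weights (the article names neither), uses constructed pixel values, and shows the unchecked index next to a clamped one as one possible mitigation.

```python
import math

BINS = 256                          # assumption: one bin per 8-bit luminance value
WEIGHTS = (0.2126, 0.7152, 0.0722)  # assumption: Rec. 709 luminance weights


def luma_rounded_up(r, g, b):
    """Round each weighted channel up, then sum, as the article describes."""
    return sum(math.ceil(w * c) for w, c in zip(WEIGHTS, (r, g, b)))


def histogram_unchecked(pixels):
    """Index straight into the array: the pattern that goes out of bounds."""
    hist = [0] * BINS
    for r, g, b in pixels:
        hist[luma_rounded_up(r, g, b)] += 1  # IndexError once the sum reaches 256
    return hist


def histogram_clamped(pixels):
    """Same histogram with the index clamped to the last valid bin."""
    hist = [0] * BINS
    for r, g, b in pixels:
        hist[min(luma_rounded_up(r, g, b), BINS - 1)] += 1
    return hist


def overflowing_pixels(pixels):
    """Triage helper: pixels whose rounded-up sum falls outside the array."""
    return [p for p in pixels if luma_rounded_up(*p) >= BINS]


# Constructed sample pixels, not taken from the wallpaper image.
SAMPLE = [(0, 0, 0), (128, 128, 128), (255, 255, 243), (255, 255, 255)]

if __name__ == "__main__":
    for px in SAMPLE:
        print(px, "->", luma_rounded_up(*px))
    try:
        histogram_unchecked(SAMPLE)
    except IndexError as exc:
        print("unchecked histogram failed:", exc)
    print("clamped bin 255 count:", histogram_clamped(SAMPLE)[BINS - 1])
```

Each channel contributes up to one extra unit from rounding up, so near-white pixels can land one or two bins past the end of the array even though every input channel is a valid 8-bit value.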

Google is currently reviewing a solution internally for the issue, Rahman posted.

Flaws like these open up a stronger possibility of Denial of Service (DoS) attacks.

Granted, in the case of this bug, user action is a prerequisite to the attack: the user has to first set the mysterious image as a wallpaper, effectively crashing their own device. This may not always be the case.

What if the same image parser is being used by the Gallery app, or messaging apps like WhatsApp? Should that be the case, malicious actors could crash your device by simply sending you an innocuous image.

Any BleepingComputer readers with new findings and research related to this issue are encouraged to leave a comment in this article or reach out to us via Direct Message on Twitter.

Update 6/4/20: Added further information about what is causing the crashes.
