For anyone who thought that saving passwords as pictures, or rather as distorted pictures, was a great idea: things have changed. A new hacking tool, ‘Depix’, is now online that retrieves passwords from pixelized images such as screenshots.
Depix Tool Deciphering Pixelized Screenshots
A researcher, Sipke Mellema, who goes by the alias ‘beurtschipper’ on GitHub, has developed an interesting tool that can decipher pixelized images. Dubbed ‘Depix’, the tool can even retrieve passwords from pixelized screenshots, debunking the idea that sensitive details such as passwords can be shared safely simply by pixelizing them.
Reading text from pixelized images is difficult. That is why, according to the researcher, many businesses also store passwords in sensitive documents after pixelization.
While no tool could seemingly unearth such information before, Mellema’s tool has this capability.
Describing how pixelization works, the researcher stated in his post:
Pixelization describes the process of partially lowering the resolution of an image to censor information. A linear box filter takes a box of pixels, and overwrites the pixels with the average value of all pixels in the box.
This process always produces the same output for the same input because the ‘linear box filter is a deterministic algorithm’. Therefore, it becomes possible to retrieve the text behind a pixelized image if the algorithm is known.
Hence, in simple words, Depix works by matching the blocks of a known pixelized text with the blocks of the test image. Though it does not guarantee a 100% correct output, it produces a result clear enough for a human to guess the correct password.
The tool is freely available on GitHub, where the researcher has explained how to use it.
Recommended Mitigations
The researcher explained that applying filters or pixelization to images to cover sensitive data isn’t a foolproof strategy. Many deblurring tools already exist that can recover blurred photos. While there wasn’t previously a specific tool to decipher pixelization, one exists now.
Therefore, users should always take care when removing information from images. As Mellema advises,
Always completely remove sensitive information from images, because obfuscation techniques can disclose recoverable parts of the original value.
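To make the box-filter argument and the mitigation above concrete, here is an added example (not Depix's code and not from the researcher's post) showing that pixelized text stays matchable against pixelized reference glyphs, while a solid fill leaves nothing to match. The 3x5 font, the 2x2 box size and all function names are assumptions constructed for this illustration.

```python
# Constructed 3x5 bitmap glyphs (sample data, not a real font); 1 = ink.
GLYPHS = {
    "0": ["111", "101", "101", "101", "111"],
    "1": ["010", "110", "010", "010", "111"],
    "7": ["111", "001", "010", "010", "010"],
    "8": ["111", "101", "111", "101", "111"],
}
CELL_W, BOX = 4, 2  # 3 glyph columns + 1 spacing column; 2x2 averaging box

def render(text):
    """Rasterise text into rows of 0/255 grey values, one 4x5 cell per char."""
    return [[255 * int(bit) for ch in text for bit in GLYPHS[ch][y] + "0"]
            for y in range(5)]

def pixelate(img, box=BOX):
    """Linear box filter: one average value per box (edge boxes are smaller)."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(0, h, box):
        row = []
        for x in range(0, w, box):
            px = [img[j][i] for j in range(y, min(y + box, h))
                  for i in range(x, min(x + box, w))]
            row.append(sum(px) // len(px))
        out.append(row)
    return out

def redact(img):
    """Complete removal: every pixel is replaced by the same constant."""
    return [[0] * len(row) for row in img]

def blocks_for(blocks, index):
    """Block columns that cover the character at position `index`."""
    per_char = CELL_W // BOX
    return tuple(tuple(r[index * per_char:(index + 1) * per_char])
                 for r in blocks)

def match_blocks(target_blocks, length):
    """Match each character's blocks against pixelized reference glyphs."""
    reference = {blocks_for(pixelate(render(ch)), 0): ch for ch in GLYPHS}
    return "".join(reference.get(blocks_for(target_blocks, i), "?")
                   for i in range(length))

if __name__ == "__main__":
    secret = "1087"  # constructed sample value
    print("pixelized:", match_blocks(pixelate(render(secret)), len(secret)))
    print("solid fill:", match_blocks(pixelate(redact(render(secret))), len(secret)))
```

When reviewing a redacted screenshot, the same comparison works as a check: if two different inputs still produce different output in the covered region, the region has been obfuscated rather than removed.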
Let us know your thoughts in the comments.
1 comment
Thanks for this post Abeerah, I never thought about saving passwords as pictures. Is this important for phishing too?
Phishing cyberattacks happen every day; it is very easy to fall for them, and they can have serious consequences.