Accessing the same content on devices with different operating systems usually doesn’t cause big changes in what you see. The browser interface can change, and the display resolution affects the quality of what is displayed. However, the substance itself is not changed... right?
Crypto engineer David Buchanan wants to break this pattern. The expert created a simple image in PNG format whose content changes depending on the device.
If you open the image on a Windows or Android device, for example, you will see the message “Hello World”. When accessing it from an iOS or Mac model, or using the Safari browser, the message changes and becomes “Hello Apple”.
In our tests, we were able to reproduce both versions using a computer running Windows 10 and a second-generation iPad Air with the Safari browser open. However, results may vary by device and system version.
The engineer also created a second version that takes into account a historical rivalry in computing. In the photo below, do you see an IBM PC or an Apple Macintosh? The result may differ depending on the device.
What witchcraft is this?
According to Bleeping Computer, Buchanan’s work was relatively straightforward and involved the concept of “parallel decoding PNGs”.
Depending on how the image-rendering code is implemented, the same file can produce different final content.
This bug, which the expert does not yet know to be a security vulnerability or just a discovery without great applications, occurs because Apple uses its own implementation of how to “read” PNGs.
In creating the image, he was able to pack both interpretations into the same file. If it is read normally, as on Windows or Android devices, nothing unusual happens. If the mechanism is different, as is the case with Apple, the second alternative is used.
Buchanan also showed the Python code used to generate the “secret message” and published the work on GitHub under the name Ambiguous PNG Packer, so that anyone can create images with two interpretations.