Can I be hacked by just clicking on an image in email?

2

2

I opened an email and clicked on an image in it to be displayed as a preview. Can the sender use this to hack my computer?

I'm using Fedora 25. I opened the image from Outlook webmail.

So I want to know if I have to reinstall a new operating system or if it's safe?

darroosh

Posted 2017-03-15T13:29:54.090

Reputation: 155

2It depends. If you open a file thinking it's an image, and it's not actually an image, then you could actually be opening a malicious file. "So I want to know If I have to reinstall a new operating system or it's safe?" - This is only something you can determine based on the determination that you trust the person who sent the attachment. – Ramhound – 2017-03-15T13:42:55.003

5

This type of question really belongs here: https://security.stackexchange.com/

– 에이바 – 2017-03-15T13:56:55.637

2@에이바 The question – although it's a little broad – is also on-topic here. It's not really necessary to push questions somewhere else when they can also be answered on a particular site. – slhck – 2017-03-15T16:45:09.413

Assuming there are no bugs in the image handling of your email client/browser, the biggest risk here is cross-site request forgery which has no impact on your local machine.

– JimmyJames – 2017-03-15T18:25:04.633

It might be okay to ask this on this forum, like this: https://superuser.com/questions/966551/is-it-possible-to-embed-a-keylogger-into-a-jpg-image

– Tech-IO – 2017-03-19T20:01:18.613

Answers

11

In most cases, no. In older, unpatched systems, maybe, or using very specific exploits in very specific formats.

With most modern OSes, such exploits are proactively patched, and most systems have fairly sensible defaults for permissions.

Considering the relatively small number of Linux systems of a specific distro, DE and version - it's pretty unlikely.

In this specific case you'd need to open an image that's not an image, which would run some script or payload that would then exploit your system. It's unlikely.

If you saw a login screen, and well, logged in, change that password - I suppose images might be handy to phish, a simple image should be harmless on its own.

So, no, you don't need to reinstall your OS if you don't want to, and from the information you've given this seems excessively paranoid.

Journeyman Geek

Posted 2017-03-15T13:29:54.090

Reputation: 119 122

Could it theoretically set a cookie locally? Or leave a trace file? – DeerSpotter – 2017-03-15T15:52:42.923

If it was an HTTP link it could probably read and set cookies if it was connected by your web-browser and you were not by default in "cookie conservative mode". – mathreadler – 2017-03-15T16:01:02.653

And if it's not HTTP? I mean if it's a real image, could it be harmful? – darroosh – 2017-03-25T17:53:42.127

6

Theoretically yes, you could have been subject to attack. However the following concerns apply:

  • I don't see how your PC could have been infected with the malware after previewing the image in the email. This procedure does not involve code execution so you did not execute any code from an unknown source.
  • Reinstalling the OS is an excessive measure and will not provide security benefits. Don't do it unless you have other good reasons to do so.
  • The worst thing that could have happened - some of your private data could have been stolen (chances are really low because Outlook Web Email is regularly patched for security). This may include your physical location, IP address, browser version and potentially some identification data for your web mail.
  • If you want to be extra careful, change your email password and block the suspicious sender. That's about as much as you can do.
  • Also report the original email sender to your mail provider if you believe the email was suspicious.

Art Gertner

Posted 2017-03-15T13:29:54.090

Reputation: 6 417

It involves execution of the appropriate image codec to decompress the image. You cannot rule out the existence of vulnerabilities in there. – b0fh – 2017-03-17T12:33:56.313

@b0fh, and I don't. That's why I mentioned that Outlook Web Email is regularly patched for security. It is essential to use regularly updated software to stay secure – Art Gertner – 2017-03-17T12:49:19.403

I was addressing your first point: the path does exist, and we have seen exploitable vulnerabilities in various jpeg libraries in the past. And in this scenario, the codec is part of the web browser, the patch status of OWE is irrelevant. – b0fh – 2017-03-17T13:07:15.523

3

If you have allowed HTML in emails, the image could be a hyperlink to a site which connects the e-mail address they sent to (encoded in the link) to your IP address, which probably tells your whereabouts if you are not using a VPN. Since you probably connect using your default browser, all of the browser info which likely identifies you uniquely (according to EFF) could be grabbed. It could go on to fish all your cookies if you are not in non-cookie-hoarding mode, gathering lots of info about you, which sites you visit and so on. Probably enough to tie it to the physical person you are, or at least one of the physical persons who are using the computer you are using.

Not exactly "hacked" as someone controlling your machine. But hacked in the sense someone you don't know probably knows more about you now than your closest family and friends do.

mathreadler

Posted 2017-03-15T13:29:54.090

Reputation: 171

Sorry for the late question, but can you explain what is meant by "all of browser info which likely identifies you uniquely"? What is this browser info? – darroosh – 2017-06-03T00:24:18.223

@darroosh: there was an experiment by the EFF some years ago on the amount of information given by the average user when visiting pages. I don't remember the name of the experiment, but they concluded that most users can be identified uniquely by the combination of information given to the site in headers, user agents and so on. – mathreadler – 2017-06-03T07:29:08.467

@darroosh: https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent <-- could have been this article, but I am kind of sure there were more bits of information in the one I read.

– mathreadler – 2017-06-03T09:32:30.730

Thanks. So this can occur by visiting pages (i.e. if the image is linking to an external webpage). But this can't occur if the image is just being displayed larger by the email client when clicking on it? – darroosh – 2017-06-03T09:39:33.633

2

It depends

It depends on the mail, the image, how up to date your program/system is, and how vulnerable it is (and this will maybe be known only later...).

A standard procedure should be:

  1. to check the content of the original email (or ask someone able to do it).

    • I mean not what you see but what it really is: the source code
      (For example load the clean Google page and press Ctrl-U to see what that page really is).
    • "Original": if it was a trojan horse it should be, in theory, able to execute something and substitute itself. (Really low probability, eventually you may check with your email provider if the mail on their server is the same as the one you have locally).
  2. Then you may move on to check the second source of security problems:
    the image itself and the libraries used to visualize it.
    Even if this is a "remote" possibility, go to check if the image is trying to use some kind of exploit and at the same time your system is not protected (for example if you have OpenJPEG 2.1.2+ you should be protected from the known ones; note that your email providers may have already scanned that picture searching for that malicious code too).

Of course you can reinstall the system to be sure, but you should also check all your data when you put it on the newly installed system.

IMHO

The possibility that you were hacked with a picture preview is small.
You can investigate the code of the email yourself (the more dangerous possibility) and check the library version of OpenJPEG.

In theory there is always the possibility that new exploits are discovered, but it is extremely improbable that you will be the first to experience them on your own skin.
So keep the defences up and the system updated. (Save the mail and the picture in a secure place for future investigations).

Hastur

Posted 2017-03-15T13:29:54.090

Reputation: 15 043
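The source-level check described in the answers above (what the image really is, what it loads, and where a click leads), as an added example that is not part of any answer in this thread. It assumes the message was saved as raw source; `inspect_email`, `ImageFinder` and the sample message with its `tracker.example` host are hypothetical names constructed for illustration.

```python
import email, email.policy
from html.parser import HTMLParser

MAGIC = {"image/jpeg": b"\xff\xd8\xff", "image/png": b"\x89PNG\r\n\x1a\n",
         "image/gif": b"GIF8"}  # leading bytes expected for each declared type

class ImageFinder(HTMLParser):
    """Records remote <img> sources and the link target wrapping an image."""
    def __init__(self):
        super().__init__()
        self.href, self.remote, self.linked = None, [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.href = attrs.get("href")
        elif tag == "img":
            src = attrs.get("src") or ""
            if src.lower().startswith(("http://", "https://")):
                self.remote.append(src)        # fetched from a remote server on display
            if self.href:
                self.linked.append(self.href)  # where a click on the image leads
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def inspect_email(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    finder, fake = ImageFinder(), []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            finder.feed(part.get_content())
        elif ctype in MAGIC and not (part.get_payload(decode=True) or b"").startswith(MAGIC[ctype]):
            fake.append(part.get_filename() or "(unnamed)")  # declared image, wrong header
    return {"remote_images": finder.remote, "image_links": finder.linked, "not_really_images": fake}

# Constructed sample message; the addresses and hosts are made up.
SAMPLE = b"""From: sender@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://tracker.example/c?u=you%40example.com"><img src="http://tracker.example/p.png?u=you%40example.com"></a>
--b1
Content-Type: image/jpeg; name="holiday.jpg"

This part is plain text, not JPEG data.
--b1--"""
```

Calling `inspect_email(SAMPLE)` reports the remote image, the link behind it (both carrying the recipient address in the query string) and the attachment whose bytes do not match its declared type. A matching header only shows the file claims the right format; it says nothing about whether the decoder handling it is patched.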