Windows is slowing down your PC! : 30 Windows services you can disable right now.

Hello Internet, I am your resident script kitty. Today I have a topic that affects the majority of computer users: Windows overhead wasting system resources. This is a topic that many in the tech sphere have covered before, and indeed you can even download a PowerShell script that will disable many of these services and telemetry functions. However, the problem with this one-size-fits-all approach is that there may be a legitimate reason you want to run one or more of these services or features.

Knowledge is power, so today I am going to describe some of the most common of these services, what they do, and why you might want to keep them. I’ll also include a brief guide on how to disable these services so that you can configure your computer to your preferences. Without further ado, let’s begin. There is a menu on your computer called “Services”; the easiest way to access it is to simply search for “Services” in your Windows search bar. You should see a window that looks like this:

The windows services menu.

Once you’re here, the process for disabling a service is as easy as right-clicking on a line item, clicking Properties, and then changing the startup type to Disabled in the drop-down menu seen here:

Now that you know how to disable these services, let’s talk about what they do and why you might want to disable them. Here is a short list of some of the most commonly disabled services and what they do.

  1. Xbox services: These services all pertain to the Xbox functionality integrated into Windows 10. You should see 3-4 services that start with Xbox, and if you are using your computer for work there is no reason to leave them enabled as they will waste system resources.
  2. Bluetooth services: These services pertain to the Bluetooth protocol. If your system does not have the hardware required to use Bluetooth they can be safely disabled.
  3. Certificate Propagation: The certificate here refers to cryptographic certificates used as a form of authentication; however, this particular service handles smart cards, and if you aren’t using them it is safe to disable.
  4. Connected User Experiences and Telemetry: The astute among you may associate the word Telemetry with Spyware, and honestly that assessment is far from wrong. While Telemetry does have legitimate uses in software, many companies, Microsoft included, have gone beyond the stated purpose of Telemetry to instead collect data on users that is then sold to interested parties. At the risk of never being hired by Microsoft, I have to say if there is one thing on this list everyone should disable, it’s this.
  5. Downloaded Maps Manager: Exactly what it says on the tin, this service handles mapping data for applications that need it. If you don’t use Windows map apps and instead use Google Maps in a browser then you don’t need this service.
  6. Fax: Another self-explanatory service, this handles faxing, allowing you to send and receive digital facsimiles of various documents provided you have the appropriate hardware. Whether you need this or not depends on what you use your PC for.
  7. GameDVR and Broadcast User Service: This contains functionality for recording game footage; the majority of people will never use this. You may encounter difficulty disabling this service, in which case you would need to go into the Registry and change some settings. Unless you are already familiar with the Windows Registry, it’s better to just leave things alone than risk causing an issue by attempting to modify the Registry.
  8. Geolocation Service: This is somewhat polarizing. If you value privacy you will most likely want to disable this, which will then prevent Windows apps like Weather, Maps, etc. from knowing your location. However, if you don’t see the harm in sharing your location and wish to have the convenience of this feature then firstly you probably aren’t a frequent reader of my blog, Welcome! And secondly you’re going to want to leave this enabled.
  9. Microsoft Account Sign-in Assistant: This allows users to sign in with their Microsoft Account. If you’re here reading this I hope you’re using a local user account to log into your PC, but if for some reason you are not then you would want to leave this enabled.
  10. Netlogon: Netlogon is used for networking in larger organizations; for home users you’re not going to need this unless for some reason you have a domain. For work computers you shouldn’t be changing your settings based on the advice of a Tech Enthusiast blog without talking with your IT department first, and if you are the IT department let me know if you’re hiring.
  11. Parental Controls: This service manages parental controls for child accounts in Windows; without it you can’t use the parental controls.
  12. Payments and NFC/SE Manager: This is another hardware/use case specific one. NFC stands for Near Field Communication; it’s that thing that lets you tap your credit card to pay at the store or link an Amiibo to your Nintendo Switch. If your PC has the hardware and you want to use NFC technology then you should leave it enabled, but this service runs in the background by default and on a gaming PC it’s a waste of system resources.
  13. Phone Service: This is another weirdly specific one. If you wanted to, and you have the right hardware, you can connect your phone to your Windows PC. For some business users this is a useful feature but many will find it unneeded.
  14. Print Spooler: A Print Spooler holds print jobs in your computer’s memory and then sends them to the printer when it’s ready to print. If you want to use a printer then you need this service; however, if you do not own a printer or have no intention of printing things from your gaming PC then this is another one that is safe to disable.
  15. Remote Registry: The Windows Registry is a database of configuration options and settings used by various low level parts of your computer. It’s incredibly powerful if you know how to use it because it’s working much closer to your computer’s hardware than most settings options. What this service allows is for remote users to modify registry settings on the computer. There are legitimate applications that use this service, but the majority of them are enterprise level applications you would not be running on your home PC. Unless you’re running some kind of software that needs this I would highly recommend disabling it.
  16. Retail Demo Service: If you have ever been to a Best Buy and tried using one of the display computers then you have seen what this service does. You should disable it unless for some reason you want to use your PC as a retail display.
  17. Smart Card: Smart Card and the two other Smart Card services handle the use of Smart Cards with your PC. This is a very useful security feature for enterprise users; however, most home PCs do not have smart card readers or a need for them, so it can be safely disabled.
  18. TCP/IP NetBIOS Helper: This provides support for the NetBIOS over TCP/IP service. What does that mean? Well, in non-technical terms NetBIOS is what allows you to use networked printers, share files and log on remotely to other computers on your network. NetBIOS is a historically insecure protocol; however, it is also a useful protocol. If you only have a single PC on your network that you use for something like gaming then you can disable this service without issue; however, if you do want the features NetBIOS provides then you should leave it running.
  19. Telephony: This is used for certain VOIP applications, faxing, dial-up modems, some DSL providers, some VPNs and various other things related to phone lines. Depending on your circumstances you may be able to disable this without issue, but I would not recommend it as it does not run in the background by default and it’s likely you will find yourself in a position where you need it.
  20. Touch Keyboard and Handwriting Panel Service: This is another hardware specific service. If you have a touchscreen or stylus then this service will be needed for it to operate properly. However, many desktop PCs do not have this hardware and can safely disable this service.
  21. WalletService: Honestly I can’t find any documentation on this. I believe it’s related to Microsoft Wallet, which has been rebranded as Microsoft Pay. I’ll let you decide for yourself how you feel about this one as I cannot confirm at this time that it’s safe to disable (although it probably is).
  22. Windows Biometric Service: If you have biometric devices on your PC this is needed to use them. For example a fingerprint reader or face unlocker. If you don’t then you can disable this to free up some system resources.
  23. Windows Error Reporting Service: This service generates error reports and makes log files when programs stop working or responding. It can be safely disabled but then you will not get logs which could be useful in attempting to remedy the problem.
  24. Windows Image Acquisition (WIA): This is used by scanners and cameras, if you don’t use either it can be safely disabled.
  25. Windows Insider Service: This is needed to use the Windows Insider Program, if you don’t use it then you can safely disable this service.
  26. Windows Media Player Network Sharing Service: This uses the UPnP (Universal Plug and Play) protocol to share your Windows Media Player libraries to other networked devices/media players. If you don’t use Windows Media Player then you can disable this.
  27. Windows Camera Frame Server: This allows multiple clients to access video from connected cameras. If you disable it your webcam may stop working; if you don’t have a webcam then it’s safe to disable.
  28. Windows Connect Now – Config Registrar: This is used for Windows Connect Now, which is Microsoft’s implementation of the notoriously insecure WPS (WiFi Protected Setup) protocol. This can safely be disabled as you should NEVER have WPS enabled on your router, because if you do you are literally allowing anyone with a basic knowledge of computers the ability to hack your WiFi. It’s dangerous and you cannot afford to be cavalier about this.
  29. Windows Mobile Hotspot Service: Just as your phone can use its cellular data connection to allow other devices onto the internet, so can a cellular enabled Windows PC. If you don’t have a cellular enabled computer then this is safe to disable.
  30. Windows Search: Last on our list is Windows Search. If you don’t want to use Windows Search then you can disable this service. However, I would highly recommend simply altering your firewall to disable certain features of Windows Search instead of entirely removing the search bar from your computer. Stay tuned as that is a topic that I hope to cover in the future.

And there you have it folks, that’s Killer Kat’s non-exhaustive list of 30 Windows services you can disable. Now if you read this far into the article then you’re a Web-Scraper script according to my analytics page; however, if you are a human being then you may have noticed that many of these services are not currently running and instead only a handful are running on your PC. The reason why is that many of these services will only run if something prompts them to. The automatic ones are usually hardware based because it’s easier to waste RAM running touchscreen support on all computers than attempt to troubleshoot it when computers with touchscreens aren’t running it.
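To see which of these services are actually installed, running, or merely set to start on demand before changing anything, an audit script along these lines helps. This is an added example, not code from the original post; the service short names are my mapping from a subset of the display names in the list above, and the baseline file path is a hypothetical choice.

```powershell
# Added example: report first, disable only what you name explicitly.
# Save as Audit-Services.ps1 (hypothetical name) and run from an elevated
# PowerShell 5.1+ prompt. Supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Short service names to disable; leave empty to only report.
    [string[]]$Disable = @(),
    # Where to save the "before" state so changes can be reverted (assumed path).
    [string]$BaselinePath = (Join-Path $env:TEMP 'service-baseline.csv')
)

# Short name -> list entry it corresponds to (a subset of the 30 items).
$candidates = [ordered]@{
    'XblAuthManager' = 'Xbox services'
    'XblGameSave'    = 'Xbox services'
    'XboxNetApiSvc'  = 'Xbox services'
    'bthserv'        = 'Bluetooth services'
    'DiagTrack'      = 'Connected User Experiences and Telemetry'
    'MapsBroker'     = 'Downloaded Maps Manager'
    'Fax'            = 'Fax'
    'lfsvc'          = 'Geolocation Service'
    'Spooler'        = 'Print Spooler'
    'RemoteRegistry' = 'Remote Registry'
    'RetailDemo'     = 'Retail Demo Service'
    'WerSvc'         = 'Windows Error Reporting Service'
    'wcncsvc'        = 'Windows Connect Now - Config Registrar'
    'WSearch'        = 'Windows Search'
}

$report = foreach ($name in $candidates.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Not every edition ships every service (Fax is optional, for example).
        [pscustomobject]@{ Name = $name; ListEntry = $candidates[$name]
                           Status = 'NotInstalled'; StartType = ''; RunningDependents = '' }
        continue
    }
    [pscustomobject]@{
        Name      = $name
        ListEntry = $candidates[$name]
        Status    = [string]$svc.Status
        StartType = [string]$svc.StartType
        # Running services that would break if this one were disabled.
        RunningDependents = ($svc.DependentServices |
            Where-Object Status -eq 'Running').Name -join ', '
    }
}

$report | Format-Table -AutoSize
# Keep the original start types so a change can be undone later.
$report | Export-Csv -Path $BaselinePath -NoTypeInformation

foreach ($name in $Disable) {
    if (-not $candidates.Contains($name)) {
        Write-Warning "$name is not in the reviewed list; skipping."
        continue
    }
    if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) { continue }
    if ($PSCmdlet.ShouldProcess($name, 'Stop service and set StartupType to Disabled')) {
        Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $name -StartupType Disabled
    }
}
```

Running it with no arguments only prints the table; `-Disable DiagTrack,RemoteRegistry -WhatIf` shows what would change without touching anything.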

Windows is designed to run with minimal tech knowledge or user input, and this comes at two costs: one, the literal cost of system resources being used by unneeded features, thus driving up your electricity bill (and perhaps making users buy stronger computers to compensate), and the second being that Microsoft makes quite a bit of their revenue by collecting and selling information on their users; this is why Windows is so inexpensive and often ships preinstalled on many computers. Selling user data to cover costs is nothing new, most social media sites operate in a similar manner. However, selling user data is also the reason why Microsoft really really wants you to use a Microsoft account; it helps them keep track of all of your user data much more efficiently. They aren’t going to spend money hosting the infrastructure for something like the Microsoft account if it’s going to lose money.

Let me know if you have any questions or if I got anything wrong, the comments below are always open for discussion. If you liked this then consider subscribing to get more content like this delivered to your inbox for free, and with that this is your Resident Script Kitty, Killer Kat, signing off. Stay safe out there in this Cyberpunk dystopia we call home!


The Holiday Season, How it Affects Cybersecurity and What You Should do About it.

Hello once again internet, it’s me, your favorite (and only) Script Kitty, here to wish you some holiday cheer as we talk about the holidays and what that means for Cybersecurity.

Every year during the holiday season hundreds of people go online to purchase Christmas gifts for their family members, and this influx of activity has some risk associated with it. Always remember to practice good internet hygiene, as holiday themed Phishing attacks are a common occurrence, as well as less than reputable sellers hawking counterfeit goods. Just because the Amazon listing says it has good reviews or it’s a name brand product doesn’t mean it is, and Amazon knows that but doesn’t care. Pro tip: always make sure you know exactly what you’re buying, or at least have a look at the seller page to see if it’s shady.

I have 2 related articles coming out soon exposing how companies pay Facebook users to leave fake Amazon reviews and how Etsy is knowingly selling fake “Handmade” goods, with the proof I collected as well as their refusal to remove these products. In the meantime, if something seems too good to be true it probably is, don’t risk it.

But what about once all the shopping is over? Does the risk stop once you gather with your loved ones to exchange gifts? Sadly no. One big thing to be on the lookout for this holiday season, as someone who is informed about Cybersecurity, is the configuration of new devices. It happens after someone unwraps their new smart toaster, VR headset that makes maps of your house, RGB enabled smart face mask, or something less cyberpunk like a new laptop or smartphone. Every Christmas there is a large influx of new, poorly secured devices coming online, and the attackers know it. Many people rush to set up these devices as fast as possible and overlook important security controls, thus creating an attack surface, which in turn shows the true spirit of Christmas by gifting Cyber Criminals with the gift that keeps on giving. This year, if you know tech gifts are coming up, take the time to talk with the gift giver beforehand and the recipient afterwards, and make sure that best practices are followed and everyone stays safe this Christmas.

And of course no December would be complete without the annual SANS Holiday Hack. As they say on their website:

Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity villains, and save the whole holiday season from treachery. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.

I would highly recommend everyone check it out. Even if you’re new to the Infosec community, there are lots of great talks by people in the industry. Last year I watched a great talk by Josh Wright about open S3 buckets, which I highly recommend watching, as cloud security is still as relevant as ever, perhaps even more so with more webdevs using cloud based tools. Click this hyperlink to get more information or to start playing, and a big thank you to SANS for hosting this event every year. I hope to see you there this year readers, if you see me feel free to say hello.

And with that it’s Killer Kat signing off until next time. Happy holidays, stay safe out there and keep tuned for those articles exposing Amazon and Etsy for knowingly allowing fraud on their platforms.


Why I chose Infotainment, and how I think it could help shape our future.

Hello Internet! Once again it’s me, your resident script kitty, here to talk about something meta.

As you are aware I chose to run my InfoSec blog as an infotainment platform and you may be wondering why, I would like to share my thoughts on the matter and how I think more Infotainment could help the industry as a whole.

Now right off the bat I would like to acknowledge some inspirations of mine, The SANS Holiday Hack challenge is probably the best example of infotainment in the Cyber Security sphere at time of writing. I personally enjoy it every year and I know when I was first starting out it helped make many of the complex ideas and discussions around Infosec less intimidating.

I would also like to spotlight some excellent Infosec YouTubers. LiveOverflow & PwnFunction come straight to my mind as excellent examples. YouTube as a platform has really brought infotainment into the mainstream as a medium, and as someone who loves a lot of what these YouTubers are doing, and the ways they are making complex topics easy to understand and engage with while also providing free access to educational content, I think they deserve respect.

PBS Digital Studios, Game Theory and other independent creators have really spearheaded this trend, and what we have seen is a massive increase in both interest and engagement in many topics often considered difficult or dry. I think the Infosec community could benefit greatly from a similar culture. How many times have you had someone say they “Just can’t understand all this computer stuff” or “I don’t need to worry about my password or account security, that’s what we have you for!” because they don’t understand and/or don’t want to learn even the fundamentals of Cyber Security because they view it as complex or uninteresting?

I think we all know the human layer is the weakest part of security. This is why user awareness training is so important and why we as an industry invest so heavily in it. If you look around in the modern organization everyone is blue team; each employee has the potential to either cause a security incident or strengthen the overall security landscape through their actions and knowledge. The future of blue team is going to involve making sure every person on board is aware of the nature of Cyber Security and the risks and potential warning signs that they may encounter.

I feel the next logical step is to move from user awareness training (which often falls into the infotainment category itself) into a larger infotainment environment. While it may not appeal to everyone, creating this media will bring these topics into conversation and provide an easy entry point for anyone who is interested in learning more about InfoSec who may not have the resources or prior knowledge to learn through more traditional measures.

By taking something important and making it fun we can create a culture of learning and knowledge that will provide benefits to everyone involved. I truly believe that humanity is on the precipice of a new era and that educating people so they are better prepared to face the challenges of our ever evolving digital world is more important than ever.

And that is why I say: Until next time, this is your resident Script Kitty signing off!


HackTheBox Delivery User own Write-up.

Hello Internet, it’s your resident script kitty here to talk about how I got my first own on a HTB machine. Now that Delivery is retired I can share with you the details of exactly how I got user and the interesting process that it involved.

Interestingly, the largest challenge for me to overcome was that I did not initially realize that I would have to manually add the server to my hosts file because of the architecture of the lab environment. For those who are confused like I was, allow me to explain: because the HTB boxes are not connected to the internet, in order to resolve subdomains you must add the IP and subdomain manually to your hosts file. On Linux it’s as simple as just doing sudo nano /etc/hosts and making the changes. Without this you may repeat my mistake of getting stuck because the subdomain won’t load and going down a rabbit hole looking for the solution.

Now with that out of the way let’s begin our examination. When first scanning with Nmap we see that there are only a few ports open: 22, 80, and 8065. With an open port 80 our first move is pretty obvious: we connect to the server with our web browser and sure enough it’s a website (pictures not included sadly, as I forgot to take them at the time and I don’t have the premium subscription so I can’t get back into retired machines). A cursory examination of the landing page reveals that they have a help desk page; this is where adding the subdomain to your hosts file is important. But perhaps more interesting is that they have a Mattermost server that only requires a @Delivery.htb email address, but how would we get one?

Now this next step took me awhile because as previously mentioned I was unaware of the need to add the subdomain to the hosts file. Once you check out the help desk site you notice 2 things right away, the first is that it generates you an email address based on your ticket number that you can email to update the ticket and the second is that you don’t need any authentication to submit a ticket.

From here the solution is pretty obvious however I did get stuck for a second because when viewing the ticket you have to use the exact same email address you used to submit it, otherwise it wants you to create an account and verify your email address which is impossible because the server is isolated from the internet. I don’t know if this is a quirk of Firefox or if I just didn’t see a space or something but when it auto-filled for me the site would reject the email, I had to manually copy paste the email in.

Now that we have a ticket we can open a new tab and direct our browser to and see the Mattermost page, when creating a new account it sends an email with a link that validates your account however how can we view the email? Simply have it send the email to the ticket updating email we got in the last step, once sent you can see it updates the ticket and you are able to click the link and login.

Now that we are in the Mattermost server we can see that the admin has left a few messages that give us exactly what we need: the login for a user with standard privileges and instructions for what we need to do if we want to get root on the box.

The next step is as simple as logging into the server via SSH on port 22, doing cat user.txt and submitting the hash. Now I won’t be covering root here today as I don’t currently have access to the retired machines, but if you’re interested the official walkthrough has been posted now that the machine is retired.

That’s all I have for you in this one, but if you liked this write-up please consider subscribing so you can get even more Infosec content like this, and if you have any thoughts or questions you can leave them in the comments below. Until next time, this is your resident script kitty signing off.


Blog Update 2021

Hello internet, it’s been quite some time since my last post. But rest assured that I am still active, after some difficulties attempting to self host and struggling with’s predatory monetization practices I have decided to bite the bullet and purchase a premium subscription.

I have lots of new content to write about as I have been continuing my love of learning about Cybersecurity and various Computer Science and Technology. Stay tuned for a write up of how I got into my first HackTheBox box, my experiments with robotics, how game programming taught me to appreciate C and understand the power of object oriented code, my thoughts on a particularly interesting Cybersecurity book and much more. So stay tuned as I have plans for a regular upload schedule.

In the meantime I’ll be updating the theme of the blog and a few other administrative things. Until next time, this is your resident script kitty signing off.


Windows Physical Access Vulnerability, Intentional Backdoor or Gross Incompetence?

Hello once again internet, today I wanted to talk about a pretty old hack that I’m sure most of you are already familiar with: using a Windows install USB stick to gain a privileged command line.

Now if you were like me then this hack might have been one of the first that you performed on an actual production system. Whether it was your own system and you just were curious to see if it would work or if like me you had a friend who forgot their password after changing it and said “Hey you’re a hacker right? Can you help me get back into my laptop.”.

The simplicity of this exploit allows even script kiddies to gain control over a Windows system provided that they have physical access, which raises the question: why hasn’t Microsoft patched this exploit? Today I seek to answer that question. First we are going to look at just how this vulnerability can be exploited, then we are going to look at how it can be prevented, and then I’ll share my thoughts on why I think Microsoft hasn’t patched it.

Where this vulnerability really shines is in how simple and easy to use it is. You need 2 things: a Windows install loaded onto a USB flash drive and physical access to the target machine. Once you boot to the flash drive you can use a keyboard shortcut to bring up a command line, next you replace one of the executables in the system32 folder with cmd.exe or ftp.exe, restart the computer and boot into the OS and then launch the executable either via keyboard shortcut or by the GUI. This brings up a privileged command line and then you own the system. For an in-depth guide I recommend checking out this guide from TrustedSec.

Now let’s talk about prevention. This is a relatively easy attack to prevent, the obvious solution being to secure the machine against physical access. However, for use cases where this is infeasible, the next step is to disable USB ports or use a bootlocker; if the attacker can’t boot from the USB drive or change the executable names then they can’t exploit this vulnerability. The third option is antivirus signatures/definitions. Tellingly, Windows even has signatures that allow Windows Defender to block certain renamed executables, preventing this Trojan from occurring; however, not all combinations are blocked.
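Alongside those preventions, a defender can check whether the swap has already happened on a machine. The following is an added example, not part of the original post: it compares the hashes of the logon-screen accessibility tools against cmd.exe and ftp.exe (the two replacements the post names). Only magnify.exe is named in the post; the other accessibility file names in the list are my addition.

```powershell
# Added example: detect accessibility binaries that are really a copy of
# cmd.exe or ftp.exe. Run on the live system (or point $sys32 at a mounted
# offline volume). Read-only: nothing is modified.
$sys32 = Join-Path $env:SystemRoot 'System32'

# magnify.exe comes from the post; the rest are other accessibility tools
# reachable from the logon screen (assumption added for this example).
$accessibility = 'Magnify.exe', 'sethc.exe', 'Utilman.exe',
                 'osk.exe', 'Narrator.exe', 'DisplaySwitch.exe'

# The replacement executables named in the post.
$shells = 'cmd.exe', 'ftp.exe'

# Hash -> shell name lookup built from this machine's own copies, so no
# hard-coded hashes are needed and OS updates do not break the check.
$shellHashes = @{}
foreach ($s in $shells) {
    $path = Join-Path $sys32 $s
    if (Test-Path -LiteralPath $path) {
        $h = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $shellHashes[$h] = $s
    }
}

$findings = foreach ($a in $accessibility) {
    $path = Join-Path $sys32 $a
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $item = Get-Item -LiteralPath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    [pscustomobject]@{
        File         = $a
        # Non-empty when the file is byte-identical to cmd.exe or ftp.exe.
        IdenticalTo  = $shellHashes[$hash]
        # A copied cmd.exe is still a genuine Microsoft binary, so a valid
        # signature does NOT clear the file; it is shown for context only.
        Signature    = (Get-AuthenticodeSignature -FilePath $path).Status
        OriginalName = $item.VersionInfo.OriginalFilename
        LastWriteUtc = $item.LastWriteTimeUtc
    }
}

$findings | Format-Table -AutoSize

$swapped = @($findings | Where-Object IdenticalTo)
if ($swapped.Count -gt 0) {
    Write-Warning ("Replaced accessibility binaries: " +
        (($swapped | ForEach-Object { "$($_.File) = $($_.IdenticalTo)" }) -join '; '))
} else {
    Write-Output 'No accessibility binary matches cmd.exe or ftp.exe.'
}
```

A hit means the file should be restored from a known-good source (for example with `sfc /scannow`) and the machine treated as having had unsupervised physical access.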

Building on that last point, let’s talk about why this still works. Although some combinations of filename/executable are blocked from running, Microsoft has allowed some to still function, including my personal favorite, changing magnify.exe to ftp.exe. Personally I believe this was intentional on Microsoft’s part as there are advantages to leaving a backdoor in Windows.

My reasoning is twofold. First, because of the numerous ways to prevent such an attack and the fact that it requires physical access, I doubt that large organizations are putting pressure on Microsoft for a fix, as this will mainly affect end users and personal systems. This allows legitimate technicians and state sponsored intelligence agencies/law enforcement access into these personal devices. And second, because this is a well known vulnerability, Threat Actors are more likely to attempt this attack instead of looking for other vulnerabilities that leverage physical access; this gives Microsoft and security researchers time to find and address these vulnerabilities before they can be exploited in the wild.

Now I should state that I currently have no affiliation with Microsoft and that I would personally disagree that the vulnerability should be intentionally allowed to remain, however I do feel that Microsoft’s actions or rather inaction in this case is not an example of ignorance but instead is a strategic move on the part of Microsoft.

Let me know your thoughts in the comments down below, and until next time this is your resident Script Kitty signing off.


Digital Wildfire, How to Hack Facebook’s Algorithm to Spread Your Message.

Hello fellow hackers, it’s your resident script kitty here to talk about some of my recent research: how to use Facebook’s algorithm to spread your message by increasing visibility of posts.

Despite what Hollywood may have you think hacking isn’t always breaking into mainframes by typing binary into a phosphor monitor, if it was all you would need to do is type: color 0a, echo 01110100 01101000 01100101 00100000 01101101 01100001 01110100 01110010 01101001 01111000, and boom you’re Kevin Mitnick. Hacking in its essence is using a system in a way that was unintended to produce a result that favors you, that can be exploiting a system process to gain a root shell or it could be wearing a phone company uniform to gain access to a restricted area.

When it comes to hacking the Facebook algorithm we are going to focus on the second form, how do we make it work for us simply by using its core functions in a way that was unintended? Simple, we do what marketing teams have already been doing but in a more deliberate manner. Facebook’s post algorithm takes in a number of factors before showing a user a post in their news feed, many of these factors are out of our control such as who the user is friends with, the time of day, what geographical area they live in, etc.

What we can control, however, is one of the most important factors: user engagement. Facebook has gone on record that reactions weigh on the algorithm more strongly than likes. In a 2017 statement Facebook said the following:

“So we are updating News Feed to weigh reactions a little more than Likes when taking into account how relevant the story is to each person.” (Source)

In 2018 Facebook made the next important change, prioritizing “meaningful conversations”. In their official statement they said the following:

“Page posts that generate conversation between people will show higher in News Feed. For example, live videos often lead to discussion among viewers on Facebook – in fact, live videos on average get six times as many interactions as regular videos. Many creators who post videos on Facebook prompt discussion among their followers, as do posts from celebrities. In Groups, people often interact around public content. Local businesses connect with their communities by posting relevant updates and creating events. And news can help start conversations on important issues.”(Source)

This caused the perfect storm, due to these algorithm changes users were more engaged than ever but what they were engaging with was extremist content due to its natural ability to gather large amounts of reactions and comments. This brought a lot of scrutiny onto Facebook and now they are doing damage control, adding fact checks to misinformation and more importantly changing the algorithm once again.

The more recent change was to give positive reactions more weight than negative reactions. Like remains rather neutral, while Love, Wow & Angry, Sad give positive and negative weight respectively. Even in my own testing I have been unable to figure out how the Laugh react influences posts. It seems to be positive when it’s only Laughs, but when Laugh is used on a post with other reacts its influence is unknown (probably due to sarcasm). If anyone knows more about how the Laugh influences the algorithm please let me know in the comments below!

So how do we use this to our advantage? Let’s say that hypothetically we had a group of individuals that had a message that they wanted to spread, something really important like “Subscribe to the Buf-fur Overflow blog for topical Cyber Security discussion!” What is the best way to get this to as many people as possible? We use the tools we have just defined.

We know that positive reacts give greater weight, so the first strategy is a coordinated effort to love every post, even if the content of the post was negative like “The Buf-fur Overflow blog is down for maintenance”. Despite the tragedy in the post prompting a natural want to react with Sad or Angry, the Love and Wow reacts will spread the message further.

The next is to exploit the comments. A large number of comments with no replies will get flagged by the algorithm as engagement bait, so the way around this would be to comment and to reply to others in the comments, for example to spread more information like so:

Commenter 1: The site may be down for maintenance but I know with our support it can be back up and running soon.

Commenter 2: That’s right! Once it’s back up remember we still have to subscribe to get the latest content!

Commenter @: Here is a link with some more information on server maintenance:

This way Facebook will flag it as an active discussion, thus pushing it back into news feeds even if the user has already seen it. It also helps spread it to users who have not seen it by giving the post more weight.

The third and final strategy is to exploit media types. Some of you might remember the arms race between pages posting images and the Facebook algorithm trying to push video (Source). Well, we are going to do the same here: videos, especially live videos, are highly favored by the algorithm. So instead of text posts we use live videos showing people how to subscribe to the Buf-fur Overflow blog or discussing server maintenance; this gives our message the final push.

With all these tricks combined the whole world will know that the Buf-fur Overflow blog is the best Cyber Security blog on the net! And hopefully you will too thanks to my not so subtle hinting. Now that you have read this I hope you keep it in mind next time you are scrolling through your news feed and at the very least I hope you learned something interesting about how the Facebook algorithm works.

That’s all for now but stay tuned for more Cyber Security discussion!

Signed: Your resident Script Kitty,

~Killer Kat


Wallpaper of Doom, How Color Space Can Crash Android Phones.

Hello Internet,

Today I would like to talk about something you may already be familiar with: buzz about a cursed wallpaper that can crash Android phones has been making the rounds on social media after an initial post by Twitter user Ice Universe:

“WARNING!!! Never set this picture as wallpaper, especially for Samsung mobile phone users! It will cause your phone to crash! Don’t try it! If someone sends you this picture, please ignore it.”

The Wallpaper Image in question.

The image seen on the left has been causing Android devices, especially those manufactured by Samsung, to crash and sometimes get stuck in a bootloop.

To understand why, we have to look at how Android is set up to handle wallpapers. The wallpaper is part of SysUI, which was designed to use images in the standard Red Green Blue (sRGB) color space. However, the image in question uses the RGB color space, which SysUI wasn’t designed to handle, and instead of converting the image it attempts to process it, causing an out-of-bounds error when SysUI attempts to access an array with the RGB data.

For a more detailed technical explanation I would recommend Android Authority’s post on the subject.

Android users should expect patches soon as there are several known fixes being tested by developers; however, in the meantime I would recommend not changing your Android wallpaper.

That’s all for today, but stay tuned for more Cyber Security content,

-Killer Kat