Hackers can steal 2FA codes and private messages from Android phones

New Android Attack Exposes 2FA Codes and Private Data

Android devices have been found to be vulnerable to a new attack, known as Pixnapping, which can secretly steal two-factor authentication (2FA) codes, location timelines, and other sensitive information in under 30 seconds. This attack requires the installation of a malicious app on an Android phone or tablet, which can then read data displayed on the screen by other installed apps without needing any system permissions.

The researchers who devised Pixnapping have demonstrated its effectiveness on Google Pixel phones and the Samsung Galaxy S25 phone, suggesting that it could be modified to work on other models with additional development. Google released updates last month to mitigate the issue, but the researchers claim that a modified version of the attack can still bypass these mitigations.

Understanding Pixnapping

Pixnapping attacks begin by invoking Android programming interfaces that cause targeted apps, such as authenticators, to display sensitive information on the device screen. The malicious app then performs graphical operations on individual pixels of interest to the attacker, exploiting a side channel to map these pixels to letters, numbers, or shapes, effectively allowing the malicious app to read the sensitive information.

According to the researchers, “Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping. Chat messages, 2FA codes, email messages, etc. are all vulnerable since they are visible.” However, if an app stores secret information that is not displayed on the screen, such as a secret key, that information cannot be stolen through Pixnapping.

Comparison to Previous Attacks

Pixnapping bears resemblance to GPU.zip, a 2023 attack that allowed malicious websites to read sensitive visual data, including usernames and passwords, displayed by other websites. GPU.zip exploited side channels in GPUs from major suppliers, and while the vulnerabilities were not fixed, browsers were updated to limit the attack by restricting the ability to open iframes from different domains.

The emergence of Pixnapping highlights the ongoing need for vigilance and innovation in cybersecurity, as new threats continue to evolve and exploit vulnerabilities in our devices and systems. As researchers and developers work to understand and mitigate these attacks, users must remain cautious and proactive in protecting their personal data and security.
