Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.
The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.
Like taking a screenshot
Pixnapping attacks begin with the malicious app invoking Android programming interfaces that cause the authenticator or other targeted apps to send sensitive information to the device screen. The malicious app then runs graphical operations on individual pixels of interest to the attacker. Pixnapping then exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.







