New Android Pixnapping attack steals MFA codes pixel-by-pixel

A new side-channel attack called Pixnapping allows unprivileged Android apps to extract sensitive visual data, including 2FA codes and private messages, by exploiting graphical rendering processes. Although Google has issued patches, the attack shows that modern Android devices remain exposed, affecting a range of apps and systems.

Key points

  • Pixnapping is a side-channel attack that extracts screen pixels from Android apps without needing permissions.
  • The attack can recover sensitive data like 2FA codes, messages, and private information within seconds.
  • Google attempted to fix the vulnerability with a patch in September, but a bypass was demonstrated shortly after.
  • Devices from the Google Pixel and Samsung Galaxy series running Android 13 through 16 are vulnerable to this attack.
  • Researchers found that many popular apps, including Signal and Gmail, can be targeted using this method.

Read More: https://www.bleepingcomputer.com/news/security/new-android-pixnapping-attack-steals-mfa-codes-pixel-by-pixel/