Researchers have discovered a side-channel attack called Pixnapping that exploits Android APIs and GPU features to covertly steal 2FA codes and sensitive data from Google and Samsung devices. Google has released patches for the vulnerability, but some weaknesses like app installer bypass remain unpatched. #Pixnapping #AndroidVulnerability
Keypoints
- The Pixnapping attack targets Android devices by exploiting a pixel-stealing framework using Android APIs and GPU side-channels.
- The attack can extract 2FA codes, Google Maps timelines, and other sensitive information without user knowledge.
- Any Android app, even without special permissions, can execute the attack if the user installs and launches it.
- Google released patches for the CVE-2025-48561 vulnerability in September 2025 but some bypass methods like app list querying remain unpatched.
- The research highlights the challenge of layered app security due to the collaborative design of Androidβs app interaction system.
Read More: https://thehackernews.com/2025/10/new-pixnapping-android-flaw-lets-rogue.html