This new ‘Pixnapping’ exploit can steal everything on your Android screen – even 2FA codes
A new attack method demonstrated by researchers could lead to the theft of two-factor authentication (2FA) codes and more on Android devices, according to industry reports. The flaw is partially patched, although a more complete fix is due in December.
The attack technique, detailed in a paper titled Pixnapping: Bringing Pixel Stealing out of the Stone Age, has been developed by researchers from the University of California, Berkeley, San Diego, Washington, and Carnegie Mellon. Data shows this comes as security teams face increasing threats across platforms, including recent enterprise AI partnerships that require enhanced protection measures.
Dubbed “Pixnapping,” this attack vector begins when a victim unknowingly installs a malicious mobile application on their Android smartphone. Notably, the app doesn’t need to abuse permissions to perform this attack, which exploits existing Android APIs, pixel rendering, and a hardware side channel.
There are three steps to Pixnapping, so-called due to its abuse of pixels rendered by a target app, such as Google Authenticator. The first stage requires the malicious app to invoke a target app and make a system call to prompt the submission of sensitive data to the Android rendering pipeline.
In the second stage, this app will then induce graphical operations (blurring) by launching a “semi-transparent” layer on individual sensitive pixels rendered by the target app. This vulnerability emerges amid broader security concerns, as experts note a 50% surge in UK cyberattacks reported by the NCSC.
The research highlights how attackers can potentially capture everything displayed on Android screens, including time-sensitive 2FA codes that protect financial and personal accounts. Users are advised to remain cautious about app installations while awaiting the comprehensive patch expected in December.
