Briley Kenney has written about technology and consumer electronics for nearly two decades. Starting in the days of yore, covering Blackberry, he has a vast array of bylines.
Imagine most of your phone being secure, free from malicious snooping, save for the pixels on the screen. That's the idea behind 'pixnapping', a new form of attack thathave discovered. A malicious app tricks the system into leaking digital pixel data,"one pixel at a time", using transparent layers.
It exploits Android's application programming interfaces to essentially rebuild layered screen captures. It may not sound serious, but using this method, hackers can steal sensitive data like two-factor authentication codes. The technique can siphon information, like 2FA codes, within 14 to 25 seconds — codes expire after 30 seconds. That's enough time to steal and use a valid code, bypassing your secure accounts. It is worrisome, but there is relatively good news. Google already issued a patch that partially mitigates the problem. That patch limits the activities an app can invoke blur on, the function that allows transparent layers, and is what a pixnapping attack uses to capture data. But researchers have found a workaround. The attack, however, is not easy to carry out, and you need to install a malicious Android app first, then open it. Unfortunately, the malicious app does not need extra permissions to carry out the attack. Google says they are issuing an additional patch in the December Android security bulletin. For now, it still exists and could be deployed on many devices, including Samsung and Google Pixel models, used by the researchers to test their work. It's never been more important to patch security vulnerabilities like this. It was recently discoveredDilok Klaisataporn/Getty Images A pixel is a single, tiny dot that constitutes the content you eventually see on your phone's display. Thousands and millions of pixels make up the full image of what you see. But this pixnapping attack is able to isolate them, one-by-one, and then reconstruct the image to discern what you're seeing. It doesn't just affect two-factor authentication codes. For instance, hackers could rebuild anything sensitive shown on screen, even a message from encrypted apps like Signal. This was demonstrated by the research team — although it took 25 to 42 hours to complete. The pixnapping attack takes advantage of something called Android Intents, a core system component that allows apps to communicate with one another and other Android devices, like sharing a photo or file. An intent works like a request, similar to a permission, where one app sends an ask to do something or interact with another app. Basically, the attack uses this process to stack transparent windows over the app it wants to see, then uses changes in the pixels and colors to capture and recombine the context of the content. Yes, you have to install an app that's affected first, and then open it, but would-be thieves could easily disguise an app to look legitimate. Vulnerabilities like the one related to the pixnapping attack are regularly found in today's software, creating a constant cat-and-mouse chase between nefarious hackers and developers or white-hat hackers. One ofrelied on a hidden hardware feature — the Pegasus attack required no link tapping and used an iMessage exploit. Apple patched the vulnerability, but new attacks are continuously being discovered, and used by hackers.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Android Auto Is Getting Gemini, Google’s AI AssistantGemini is replacing the old Google Assistant, so drivers can now translate messages, search for addresses in emails and more.
Read more »
Android 16 starts rolling out to Nothing PhonesFind the latest technology news and expert tech product reviews. Learn about the latest gadgets and consumer tech products for entertainment, gaming, lifestyle and more.
Read more »
Lenovo's cheapest Android tablet is down to an absurdly low Black Friday priceAdrian, a mobile technology enthusiast since the Nokia 3310 era, has been a dynamic presence in the tech journalism field, contributing to Android Authority, Digital Trends, and Pocketnow before joining PhoneArena in 2018. His expertise spans across various platforms, with a particular fondness for the diversity of the Android ecosystem.
Read more »
Amazon Users 'Love' This Samsung Android Tablet Now Just $160Nichols began his writing journey in 2020 as a contributor for the Akron-based magazine The Devil Strip, where he covered stories about businesses and locations unique to the area. Shortly thereafter, he began cutting his teeth in tech after joining The Mac Observer as a freelance writer.
Read more »
Android Circuit: Galaxy S26 Plans, Pixel’s Gemini AI Boost, Android’s AirDrop SurpriseThis week’s Android headlines: Pixel satellite support in Europe, Samsung’s 2026 Galaxy plans, Honor teases robot phone, Google’s new image ribbon, Android’s AirDrop and more...
Read more »
Android Circuit: Galaxy S26 Plans, Pixel’s Gemini AI Boost, Android’s AirDrop SurpriseThis week’s Android headlines: Pixel satellite support in Europe, Samsung’s 2026 Galaxy plans, Honor teases robot phone, Google’s new image ribbon, Android’s AirDrop and more...
Read more »