"Researchers have uncovered a new class of Android attack based on a years-old data-stealing browser attack method. The technique, dubbed Pixnapping by US-based researchers, allows attackers to stealthily steal sensitive information displayed by other apps or even websites without users ever realizing their data has been compromised. This data can include two-factor authentication (2FA) codes, private messages, and even financial information."
"Pixnapping allows a malicious Android app to 'snap' pixels from other apps or websites by exploiting Android APIs and a GPU hardware side channel known as 'GPU.zip', which leaks information about how the graphics hardware processes visual data. How Pixnapping attacks work Pixnapping works in a three-stage process, with the first being invoking a target app, such as Google Authenticator, to cause sensitive information to be submitted for rendering."
Pixnapping is an Android attack that steals displayed pixels from other apps or websites to capture sensitive data. The technique exploits Android APIs and a GPU hardware side channel called GPU.zip, which leaks how graphics hardware processes visual data. A malicious app invokes a target app to render sensitive content, induces graphical operations on specific pixels, then uses GPU.zip to recover pixels one at a time for optical character recognition. Recovered content can include two-factor authentication codes, private messages, and financial information, and attacks can succeed without requesting Android permissions on modern Pixel and Samsung phones.
Read at IT Pro
Unable to calculate read time
Collection
[
|
...
]