
"The Pixnapping attack begins when a victim installs a malicious app that later uses Android APIs to launch another app, such as Google Authenticator. The malicious app then performs pixel-level operations on screen regions where the target app is known to display sensitive information. Finally, it exploits a side channel to extract these pixels one by one. The researchers describe this process as being conceptually similar to taking a screenshot of the target app's screen."
"Pixnapping forces sensitive pixels into the rendering pipeline and overlays semi-transparent activities on top of those pixels via Android intents. To induce graphical operations on these pixels, our instantiations use Android's window blur API. To measure rendering time, our instantiations use VSync callbacks. The attack uses the GPU.zip side-channel vulnerability, which the researchers say is present in nearly all modern GPUs, including those from AMD, Apple, Arm, Intel, Qualcomm, and Nvidia."
Pixnapping is an Android attack in which a malicious app steals on-screen pixels belonging to other apps by forcing the sensitive pixels into the rendering pipeline and then extracting them through a side channel. The malicious app launches the target app via an Android intent, overlays semi-transparent activities on top of the region of interest, induces graphical operations on those pixels with the window blur API, and measures how long each frame takes to render using VSync callbacks. The rendering-time difference comes from the GPU.zip side channel, which is present across GPUs from the major vendors. Apps shown to be affected include Signal, Google Authenticator, and Venmo. The mitigations proposed are practical rather than complete: letting sensitive apps opt out of being layered under other windows, and restricting an attacker's ability to measure rendering time. No comprehensive defense currently exists.
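The measurement step above is a classic timing side channel: each pixel is recovered by rendering it many times, timing the frames, and deciding from the timing distribution which class of pixel it was. The following Python simulation, added here as an illustration and not code from the Pixnapping researchers or from Android, models that classification loop offline. The bitmap, the timing model (`BASE_FRAME_US`, `LEAK_DELTA_US`, `JITTER_US`) and the calibration strategy are all constructed assumptions; real per-frame timings, and the blur and VSync mechanics that produce them, are not reproduced.

```python
"""
Simulation of timing-based pixel recovery (constructed example).

An attacker who cannot read a victim app's pixels directly can still learn
them if rendering a frame takes measurably longer for one pixel colour than
for another.  The loop below: calibrate on attacker-controlled reference
pixels, sample each unknown pixel many times, use the median to suppress
jitter, and threshold.  Numbers are hypothetical, not measurements.
"""
import random
import statistics

# Constructed "secret" region: 1 = non-white (glyph) pixel, 0 = white background.
SECRET_BITMAP = [
    [0, 1, 1, 0],
    [1, 0, 0, 1],
    [1, 0, 0, 1],
    [0, 1, 1, 0],
]

BASE_FRAME_US = 16_700   # ~60 Hz frame period, microseconds (assumed)
LEAK_DELTA_US = 50       # assumed extra render cost for a non-white pixel
JITTER_US = 60           # assumed measurement noise, standard deviation


def render_time_us(pixel_value, rng):
    """One frame-time sample for a pixel of the given class (0 or 1).

    Models the data-dependent cost the side channel leaks plus Gaussian noise.
    """
    return BASE_FRAME_US + pixel_value * LEAK_DELTA_US + rng.gauss(0, JITTER_US)


def measure_secret_pixel(x, y, rng):
    """What the attacker actually observes: timing, never the pixel itself."""
    return render_time_us(SECRET_BITMAP[y][x], rng)


def calibrate_threshold(rng, samples):
    """Time known-white and known-non-white reference pixels that the attacker
    controls, and place the decision threshold midway between their medians."""
    white = statistics.median(render_time_us(0, rng) for _ in range(samples))
    glyph = statistics.median(render_time_us(1, rng) for _ in range(samples))
    return (white + glyph) / 2


def recover_bitmap(samples_per_pixel=401, seed=1):
    """Recover the hidden bitmap purely from timing samples.

    Using the median of many samples shrinks the noise on each decision by
    roughly sqrt(samples), which is why repetition is the attacker's lever.
    """
    rng = random.Random(seed)
    threshold = calibrate_threshold(rng, samples_per_pixel)
    recovered = []
    for y, row in enumerate(SECRET_BITMAP):
        out_row = []
        for x in range(len(row)):
            med = statistics.median(
                measure_secret_pixel(x, y, rng) for _ in range(samples_per_pixel)
            )
            out_row.append(1 if med > threshold else 0)
        recovered.append(out_row)
    return recovered


def bit_error_rate(samples_per_pixel, seed=1):
    """Fraction of pixels misclassified; useful to see how sample count
    trades off against noise."""
    got = recover_bitmap(samples_per_pixel, seed)
    total = sum(len(r) for r in SECRET_BITMAP)
    wrong = sum(
        1 for y, row in enumerate(SECRET_BITMAP)
        for x, v in enumerate(row) if got[y][x] != v
    )
    return wrong / total


if __name__ == "__main__":
    for row in recover_bitmap():
        print("".join("#" if v else "." for v in row))
    print("error rate at 401 samples/pixel:", bit_error_rate(401))
```

The defensive reading of this loop is the one the summary hints at: the attack needs both a data-dependent rendering cost and a precise, repeatable timer. Removing either (no layering of attacker content over sensitive pixels, or coarser or rate-limited timing of rendering) raises the noise floor until the medians no longer separate.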
Read at InfoQ