Imagine that your entire smartphone is secure… apart from individual pixels on the screen. Sounds absurd? This is exactly what the new attack on Android, called pixnapping, involves. American scientists have discovered a method whereby a malicious app can read what you have on your screen, pixel by pixel, using transparent layers and gaps in the system's APIs.
The result? Cybercriminals can reproduce the content of the screen, including 2FA codes, before they expire. In tests, this took 14-25 seconds, which is enough time to take over an account. And yes - it really works.
Google is already patching the problem... but partially
Google has rolled out the first patch, which limits the ability to blur and overlay transparent layers - the very foundation of pixnapping. Unfortunately, researchers have already found a way to bypass this security measure. What's worse:
the attack requires no additional permissions
the only thing the user has to do is install a malicious app and open it
it works on many devices, including Samsungs and Pixels, on which the attack was tested
The second, more comprehensive patch is expected to appear only in the December Android security bulletin. Until then, the vulnerability exists and can be exploited. And let me remind you: recently, over a million Android devices with a hidden backdoor were detected, and thousands of people were found to have installed infected applications. Pixnapping fits perfectly into this scenario.
How does pixnapping work?
A pixel is the smallest point on your screen. Just one little dot. Pixnapping analyses them all in sequence and reproduces the full image. And that means:
preview of 2FA codes
reading messages from apps like Signal
reproduction of any sensitive content on the screen
Importantly, this can even be done for encrypted chats. In this case the full reconstruction took researchers from 25 to 42 hours, but it is still possible.
The heart of the attack is the Android Intents mechanism
This is a system that allows applications to communicate with each other and perform various actions, e.g. share photos. Pixnapping uses Intents to overlay transparent windows over the victim's application. Changes in the colour and intensity of pixels make it possible to read what is underneath. And what if the application looks like a normal game, calculator, or photo editor? Most people won't even notice.
New chapter in the fight against attacks on Android
The world of cybersecurity operates in a cat-and-mouse rhythm. The iPhone is not safe either: recall that one of the most advanced attacks in history, Pegasus, exploited hidden hardware features and zero-click exploits in iMessage. Now Android is grappling with pixnapping, and all indications are that this won't be the last discovery of its kind.
Katarzyna Petru












