‘Pixnapping’ is a new attack on Android that steals pixels from the screen. And unfortunately, it is as dangerous as it sounds!

11/24/2025

Pixnapping - a new Android attack that lets hackers steal data pixel by pixel. Find out how attackers can spy on 2FA codes and on-screen messages, and learn how to protect your smartphone.

Imagine that your entire smartphone is secure… apart from individual pixels on the screen. Sounds absurd? This is exactly what the new attack on Android, called pixnapping, is about. American scientists have discovered a method in which a malicious app can read what you have on your screen, pixel by pixel, using transparent layers and gaps in the system's APIs.

The result? Cybercriminals can recreate the content of the screen, including 2FA codes, before they expire. In tests, this took 14-25 seconds, which is long enough to take over an account. And yes - it really works.

Google is already patching the problem… but only partially

Google has released the first patch that restricts the ability to blur and overlay transparent layers - which is the foundation of pixnapping. Unfortunately, researchers have already found a way to bypass this security measure. Worse still:

  • the attack does not require any additional permissions

  • all the user has to do is install a malicious app and open it

  • it works on many devices, including Samsungs and Pixels, on which the attack was tested

The second, more comprehensive patch is not expected to appear until the December Android security bulletin. Until then, the vulnerability exists and can be exploited. And let me remind you: recently, over one million Android devices with a hidden backdoor were detected, as were thousands of people who had installed infected applications. Pixnapping fits perfectly into this scenario.

How does pixnapping work?

A pixel is the smallest point on your screen. Just one tiny point. Pixnapping analyses them all in sequence and reconstructs the full image. And that means:

  • preview of 2FA codes

  • reading messages from applications like Signal

  • recreating any sensitive content on the screen

Importantly, this can be done even for encrypted chats. Although in this case the full reconstruction took researchers between 25 and 42 hours, it is still possible.

The heart of the attack is the Android Intents mechanism

It is a system that allows applications to communicate with each other and perform various actions, such as sharing photos. Pixnapping uses Intents to overlay transparent windows over the victim's application. Changes in colour and pixel intensity allow one to read what is underneath. And what if the application looks like a normal game, calculator, or photo editor? Most people won't even notice.

New Chapter in Android's Fight Against Attacks

Cybersecurity is a constant game of cat and mouse. The iPhone is not safe either: let me remind you that one of the most advanced attacks in history, Pegasus, exploited hidden hardware features and zero-click exploits in iMessage. Now Android is struggling with pixnapping, and all signs indicate that this will not be the last discovery of this kind.

Katarzyna Petru

Journalist, reviewer, and columnist for the "ChooseTV" portal