Katarzyna Petru
Imagine that your entire smartphone is secure… except for individual pixels on the screen. Sounds absurd? This is exactly what the new attack on Android, called pixnapping, is about. American researchers have discovered a method in which a malicious app can read what you have on your screen, pixel by pixel, using transparent layers and gaps in the system APIs.
The effect? Cybercriminals can recreate the contents of the screen, including 2FA codes, before they expire. In tests, it took 14-25 seconds, which is enough time to take over an account. And yes - it really works.
Google is already patching the problem… but partially
Google has released the first patch that limits the ability to blur and overlay transparent layers - which is the foundation of pixnapping. Unfortunately, researchers have already found a way to bypass this protection. What's worse:
the attack does not require any additional permissions
the only thing the user has to do is install a malicious application and open it
it works on many devices, including Samsungs and Pixels, where the attack was tested
The second, more complete patch is not expected to appear until the December Android security bulletin. Until then, the vulnerability exists and can be exploited. And let me remind you: over one million Androids with a hidden backdoor were recently detected, along with thousands of people who installed infected applications. Pixnapping fits perfectly into this scenario.
How does pixnapping work?
A pixel is the smallest point on your screen. Just one tiny point. Pixnapping analyzes them all one by one and replays the full image. And that means:
previewing 2FA codes
reading messages from apps like Signal
reproducing any sensitive content on the screen
Importantly - this can even be done for encrypted chats. Although in this case, the full reconstruction took researchers from 25 to 42 hours, it is still possible.
The heart of the attack is the Android Intents mechanism
This is a system that allows applications to communicate with each other and perform various actions, such as sharing photos. Pixnapping uses Intents to overlay transparent windows over the victim's application. Changes in colors and pixel intensity allow reading what is underneath. And if the application looks like a normal game, calculator, or photo editor? Most people won't even notice.
A New Chapter in Android's Battle Against Attacks
The world of cybersecurity operates in a cat and mouse rhythm. The iPhone is also not safe - I remind you that one of the most advanced attacks in history, Pegasus, exploited hidden hardware features and zero-click exploits in iMessage. Now Android is struggling with pixnapping - and all signs indicate that this is not the last discovery of its kind.
