Hackers can steal 2FA codes and personal messages from Android telephones

News 617 October 14, 2025 0
008-family-galaxy-s25ultra-titaniumsilverblue-s25plus-navy-s25-icyblue-1152x648.jpg



The brand new assault class is paying homage to GPU.zip, a 2023 assault that allowed malicious web sites to learn the usernames, passwords, and different delicate visible knowledge displayed by different web sites. It labored by exploiting facet channels present in GPUs from all main suppliers. The vulnerabilities that GPU.zip exploited have by no means been fastened. As an alternative, the assault was blocked in browsers by limiting their skill to open iframes, an HTML ingredient that enables one web site (within the case of GPU.zip, a malicious one) to embed the contents of a web site from a distinct area.

Pixnapping targets the identical facet channel as GPU.zip, particularly the exact period of time it takes for a given body to be rendered on the display screen.

“This permits a malicious app to steal delicate info displayed by different apps or arbitrary web sites, pixel-by-pixel,” Alan Linghao Wang, lead creator of the analysis paper “Pixnapping: Bringing Pixel Stealing out of the Stone Age,” defined in an interview. “Conceptually, it’s as if the malicious app was taking a screenshot of display screen contents it mustn’t have entry to. Our end-to-end assaults merely measure the rendering time per body of the graphical operations… to find out whether or not the pixel was white or non-white.”

Pixnapping in three steps

The assault happens in three principal steps. Within the first, the malicious app invokes Android APIs that make calls to the app the attacker desires to listen in on. These calls can be used to successfully scan an contaminated system for put in apps of curiosity. The calls can additional trigger the focused app to show particular knowledge it has entry to, corresponding to a message thread in a messaging app or a 2FA code for a selected web site. This name causes the data to be despatched to the Android rendering pipeline, the system that takes every app’s pixels to allow them to be rendered on the display screen. The Android-specific calls made embody actions, intents, and duties.

More Stories

GettyImages-2173579243.jpg

Meta reportedly delays blended actuality glasses till 2027

News 617 December 6, 2025 0
big_technology_podcast-plsl0yYS_216px.webp.webp

A have a look at Phreeli, a privacy-focused cellphone provider that lets customers join with solely a ZIP code and makes use of an encryption system based mostly on “zero-knowledge proofs” (Andy Greenberg/Wired)

News 617 December 6, 2025 0
l-intro-1764774758.jpg

Google’s Most Highly effective Productiveness Instrument Can Save You So A lot Time

News 617 December 6, 2025 0

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

newspress-collage-vpjr0xrr3-1765081084178.jpg

The 5 MetLife Stadium matches in World Cup 2026 first spherical

News 617 December 7, 2025 0
64_ll0csd.jpg

Cybersecurity AI brokers co 7 AI raises $130m

News 617 December 7, 2025 0
camille-styles-best-holiday-movies-865x1296.jpg

The Finest New Vacation Motion pictures of 2025

News 617 December 7, 2025 0
Logo-For-White-Backgrounds.png

Ari Fletcher Sparks Buzz With Take On Relationship Struggles

News 617 December 7, 2025 0
GettyImages-2250408421-e1765059449576.jpg

Inter Miami, Messi win first MLS Cup 3-1 vs. Vancouver Whitecaps – NBC Boston

News 617 December 7, 2025 0