Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Android devices are Risk in a new attack that can steal bi-factor authentication code, location deadline and other personal data in less than 30 seconds.
It is necessary to first install a contaminated app on Android phone or tablet for the new attack called Pixnoping by a team of academic researchers created. The app, who has no system permission, can then effectively read data that shows any other installed app on the screen. Google Pixel Phone and Samsung Galaxy S25 Pixanyaping has been displayed on the phone and may probably be modified to work on other models with extra work. Google revealed the mall last month, but researchers say that a modified version of the attack works even after the update is installed.
Screenshot
Pixnyaping attacks begin with the contaminated app for Android programming interfaces that cause authentic or other target applications to transmit sensitive information to the device screen. The contaminated app then operates a graphical operation in separate pixels of interest to the attacker. Pixnopping then absorbs A Side channel It allows the contaminated app to map letters, numbers or shapes in those coordinates.
Researchers wrote, “Anything visible when opening the target app can be stolen by contaminated app using pixanyaping,” Informative websiteThe “Chat messages, 2 FA codes, email messages, etc. are all weak. If an app has secret information that is not visible (eg, it has a secret key that is stored, never shown on the screen), that information cannot be stolen by pixanyaping.”
The new attack reminds the class Gpu.zipA 2023 attack that allows contaminated websites to read the username, password and other sensitive visual data displayed by other websites. It has worked by using side channels found in GPUs from all large suppliers. The weaknesses that absorb GPUGP have never been fixed. Instead, the attack was blocked by limiting the opening of the IFrames in the browsers, an HTML material that allowed a website (in the case of GPUGP, a contaminated case) to embed it from another domain.
Pixanyaping aims to the same side channel as GPUGP, especially for the frame given to the screen to render the screen specific time.
