A new attack lets hackers steal two-factor authentication codes from Android phones


Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds.

The new attack, named Pixnapping by the team of university researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read the data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel and Samsung Galaxy S25 phones and can probably be modified, with additional work, to work on other models. Google released mitigations last month, but the researchers said a modified version of the attack works even when the updates are installed.

Like taking a photo

Pixnapping attacks begin with the malicious app calling Android programming interfaces that cause the authenticator or other targeted apps to send sensitive information to the device screen. The malicious app then runs graphical operations on individual pixels of interest to the attacker. Pixnapping then abuses a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.

The researchers wrote on an informational website: “Anything that is visible when the target program is opened can be stolen by a malicious application using Pixnapping. Chat messages, 2FA codes, email messages, etc. are all vulnerable because they are visible. If a program has hidden information that is not visible (for example, a secret key that is stored but never displayed on the screen), this information cannot be stolen by Pixnapping.”

The new attack class is reminiscent of GPU.zip, a 2023 attack that allowed malicious websites to read usernames, passwords, and other sensitive visual data displayed by other websites. It worked by exploiting side channels in GPUs from all the main suppliers. The vulnerabilities that GPU.zip exploited have never been resolved. Instead, the attack was blocked in browsers by restricting their ability to open iframes, an HTML element that allows one website (in the case of GPU.zip, a malicious one) to embed the contents of a site from a different domain.

Pixnapping targets the same side channel as GPU.zip, specifically the exact amount of time it takes for a given frame to be displayed on the screen.
