Pixnapping: The Android Pixel-Stealing Attack That Puts 2FA Codes at Risk

TL;DR
Researchers have revealed a new class of Android exploit called “Pixnapping” that allows a malicious app to infer on‑screen pixels – enough to read six‑digit 2FA codes – by combining common Android graphics APIs with a GPU side channel. Demonstrations on Pixel 6 through 9 and Galaxy S25 devices running Android 13–16 show that the technique sidesteps the platform sandbox and requires no special permissions. Google released partial mitigations in September 2025, but researchers say bypasses of those mitigations remain; a complete fix is expected. In the meantime, organizations should patch promptly, favor hardware‑based MFA and push‑based authentication, and avoid displaying secrets directly on‑screen.

Full article
In October 2025, a team of researchers from UC Berkeley, UC San Diego, the University of Washington and Carnegie Mellon University unveiled “Pixnapping,” a novel attack on Android devices that essentially steals screen pixels. By carefully abusing legitimate Android graphics interfaces and exploiting an undocumented GPU compression side channel (“GPU.zip”), a malicious app can infer the color and timing of individual pixels rendered by another app. Over time, those pixel readings can be reconstructed into sensitive information – a 2FA code, a portion of a private message, or even a QR code – without the user noticing and without the attacking app requesting special permissions.

The researchers demonstrated Pixnapping on a range of devices, including Google Pixel models 6 through 9 and Samsung’s Galaxy S25 line, all running Android 13 through 16. In one proof‑of‑concept, a rogue app passively captured a six‑digit Google Authenticator code in under thirty seconds. The team notes that the technique is more covert than familiar overlay or accessibility attacks because it operates at the graphics layer: no overlay windows or accessibility privileges are needed, and the attack leaves little trace.

Technically, Pixnapping works in three stages. First, the malicious app triggers or waits for the target app to draw sensitive content – for example, by opening a two‑factor authentication dialog or by watching for a signal from the victim. Next, it issues a carefully crafted series of drawing commands via Android’s rendering APIs; those commands are designed to overlap with the area of the screen containing the secret. Finally, by measuring timing variations and memory‑access patterns from the GPU’s compression engine, the attacker infers the colors of the overlapping pixels, and optical character recognition can then reconstruct the underlying numbers or text. Because the method leverages a hardware side channel, software‑only protections are difficult to make complete.

Google assigned the flaw CVE‑2025‑48561 and shipped partial mitigations in its September 2025 Android security bulletin. However, according to early industry analysis, the initial fix can be bypassed by slightly altering the drawing pattern, meaning that a full patch may require firmware or driver updates. Researchers urge Android vendors and GPU manufacturers to harden their compression units and restrict access to the vulnerable APIs. They also recommend minimizing the amount of sensitive information rendered directly on‑screen and using hardware‑backed security elements for sensitive operations.

The broader implications extend beyond one‑time codes. Any app that displays confidential information – from banking and chat applications to mapping and email clients – could, in theory, be targeted. For organizations that rely heavily on mobile devices, this raises the stakes. Best practices include switching to FIDO2/WebAuthn authenticators or app‑based push approvals instead of on‑screen codes, reducing the time sensitive screens stay visible, and implementing runtime monitoring to detect abnormal GPU usage. Security teams should also prioritize timely application of Android security updates and press carriers and OEMs for driver patches as they become available.

Ultimately, Pixnapping highlights how side channels in modern hardware can undermine assumptions about isolation between apps. By revealing this technique publicly and collaborating with vendors, the research community hopes to drive rapid improvements in Android’s rendering pipeline and the underlying GPU firmware. Until then, organizations and end users should act with appropriate caution: limit exposure of secrets, apply patches quickly, and avoid relying on visible codes as the sole authentication factor.