Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.
TL;DR A new attack called "Pixnapping" can read visual data from other apps on Android devices.
It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
The scary part: the malicious app required for the attack needs zero special permissions to be granted.
While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #SideChannelAttack #2FA #security #privacy #cloud #infosec
