Red alert: New Android attack reveals danger of data theft!

Red alert: New Android attack reveals danger of data theft!

Android users are facing a new threat called “Pixnapping.” This form of attack was identified by a team of researchers from UC Berkeley, the University of Washington, UC San Diego and Carnegie Mellon. The researchers found that Pixnapping allows malicious applications to steal sensitive screen data, including 2FA (two-factor authentication) codes, emails and location histories.

The attack exploits Android's content suspension, bypassing browser protections. Malicious apps can manipulate victims' pixels by opening activities via intents and using semi-transparent activities. A full-blown attack can steal security-critical 2FA codes from Google Authenticator in less than 30 seconds.

Inadequate security measures

Google attempted to patch the vulnerability on September 2, but researchers found a workaround. Although the patch has been implemented, it cannot completely contain the attack. This shows how vulnerable the system remains despite efforts to protect data protection. Tests with this exploit were successfully carried out on the Google Pixel 6, 7, 8, 9 and Samsung Galaxy S25 models.

What's particularly interesting is that the attack on the Galaxy S25 was unsuccessful due to "significant noise" in the stolen data, requiring further fine-tuning in attack methods. This raises further questions about the security of Android devices.

Protective measures and recommendations

To protect yourself from such attacks, experts recommend avoiding installing applications from unknown sources and always installing the latest security updates. Users should also be careful about what permissions they grant to installed apps to prevent unauthorized access to sensitive information.

The discovery of the Pixnapping attack clearly represents a serious security incident that should alert Android device users. Experts emphasize that increased awareness of such threats is crucial to protecting personal information.