Pixnapping attacks begin with the malicious app invoking Android programming interfaces that cause the authenticator or other targeted apps to send sensitive information to the device screen. The malicious app then runs graphical operations on individual pixels of interest to the attacker. Pixnapping then exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.
It works like screenshotting the 2FA tool. It’s an Android issue.
Little bit off-topic: Linux PC
BTW this is a reminder why we need a secure Wayland solution on our desktop Linux PC. Because this sort of stealing under X11 is possible too.
I think lesson is different. Even with isolation, apps can escape it with side channels.
Authenticator app just needs to implement FLAG_SECURE, no?
Seems more like an app dev issue
Looks like this works regardless of that
Looks like you might be right - though I imagine disabling the ability to draw over apps with that security flag in place would do a lot to mitigate… but… im also not a security researcher
requires a victim to first install a malicious app on an Android phone or tablet
Sure, but it’s still a serious problem even if it’s a side channel attack.
Almost everyone rely on the OS/hardware providing some isolation. People often install shady apps, and browsers automatically execute JS/bytecode from random website they visit. It’s best to have defense in depth, not assume people are perfect at avoiding malicious apps/websites.
