Hasty Briefsbeta

Hackers can steal 2FA codes and private messages from Android phones

3 hours ago
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
Copy Link
  • #Pixnapping
  • #Android
  • #Security
  • Android devices are vulnerable to a new attack called Pixnapping.
  • Pixnapping can steal 2FA codes, location timelines, and other private data in under 30 seconds.
  • The attack requires installing a malicious app, which needs no system permissions.
  • The malicious app reads data displayed on the screen by other apps.
  • Demonstrated on Google Pixel and Samsung Galaxy S25, but could be modified for other models.
  • Google released mitigations, but a modified version of the attack bypasses them.
  • Pixnapping exploits a side channel to map pixels to sensitive information like letters or numbers.
  • Only visible information (e.g., chat messages, 2FA codes) is vulnerable; hidden data remains safe.
AboutLogin