Your Android’s 2FA and Messages Aren’t Safe From Hackers

Summary
– A new Android attack called Pixnapping can secretly steal 2FA codes, location data, and other private information in under 30 seconds.
– The attack requires installing a malicious app that needs no system permissions to read data displayed on the screen by other apps.
– Pixnapping works by using Android interfaces to make targeted apps show sensitive data and then analyzing specific pixels to extract letters, numbers, or shapes.
– It can steal any visible information like chat messages or emails but cannot access data that is never displayed on the screen.
– Although Google released mitigations, a modified version of the attack still functions even after the update is installed.

A serious security flaw affecting Android devices has been uncovered, putting sensitive user information at risk. This vulnerability allows malicious software to intercept two-factor authentication codes, private messages, and location histories in under half a minute. The technique, developed by academic researchers and named Pixnapping, depends on the user inadvertently installing a malicious application. Remarkably, this app requires no special permissions to access data displayed on the screen by other applications.

The attack method operates in a manner similar to taking a screenshot. Once the malicious app is running, it triggers specific Android programming interfaces. This forces targeted apps, such as authenticators or messaging services, to show confidential information on the device’s display. The malicious software then performs graphical operations on individual pixels that contain data valuable to the attacker.

Researchers successfully demonstrated Pixnapping on Google Pixel and Samsung Galaxy S25 models, noting the approach could likely be adapted for other Android devices. Although Google has released security updates to counter this threat, the research team confirmed that a modified form of the attack remains effective even on updated systems.

The exploit takes advantage of a side channel that enables the malicious application to translate specific screen pixels into readable characters, numbers, or symbols. Essentially, any information visible within an open application becomes vulnerable to theft. This includes text messages, one-time passwords, and email content. However, data that an app stores internally without ever displaying it on the screen remains protected from this particular method of extraction.

(Source: Ars Technica)