Image from humanfocus

A team of security researchers involving 4 universities in the US has reported the discovery of a serious flaw in the security features of Android smartphones. So, what should you know about it?

Pixnapping - A new way to breach your privacy

Through a new attack called Pixnapping, hackers have been found to not only access private messages but also other sensitive data on Android phones.

Cybercriminals are even able to bypass Android security features to steal two-factor authentication (2FA) codes. All of this can be done without requiring any device system permissions. This attack is based on a side channel that exploits the pixel rendering time of the GPU.

“Conceptually, it seems as if a malicious application is taking a screenshot of screen content that it shouldn’t be accessing. Our end-to-end attack simply measures the rendering time of each frame of a graphics operation… to determine whether the pixel is white or not.” - Researchers.

Pixnapping occurs in three steps. The malicious application activates the target application to display sensitive data, then performs graphics operations to identify the colour of a specific pixel, and finally measures the rendering time to determine the visual content.

High success rate for Pixnapping to steal your codes

This allows malicious applications to "read" the screens of other applications indirectly. This test, conducted on Google Pixel 6 to 9, showed a success rate of up to 73% in stealing 2FA codes in less than 30 seconds.

Although Google released a security patch in September 2025, the modified version of the attack can still overcome existing protections, according to the research team.

This research reveals how complex this attack is. However, in real-world scenarios, it is highly likely that hacking incidents using this technique could potentially occur.

Did this news catch your attention? Stay tuned for more news like this at TechNave!