#gpuzip

[ follow ]
#pixnapping #android-side-channel #2fa-compromise #android-security #side-channel-attack #pixel-leakage
Information security
fromThe Hacker News
2 weeks ago

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

Pixnapping is a pixel-stealing Android side-channel attack that can extract 2FA codes, Google Maps timelines, and other sensitive data without special app permissions.
fromTheregister
2 weeks ago

Android Pixnapping attack can capture app data like 2FA info

The attack works by accessing information about screen display pixels through a hardware side channel ( GPU.zip), using a technique [PDF] described by security researcher Paul Stone in 2013. Stone's work described how SVG filters could be used in a timing attack [PDF] to read the pixel values from a web page in a cross-origin iframe, a method subsequently mitigated by iframe and cross-origin cookie restrictions.
Information security
[ Load more ]