A newly discovered class of attacks targets Android devices, allowing malicious apps to steal on-screen information from other apps using a technique known as pixel stealing. Dubbed Pixnapping, the attack leverages previously known side-channel vulnerabilities and affects virtually all apps, including Signal, Google Authenticator, Venmo, and many others.
The Pixnapping attack begins when a victim installs a malicious app that later uses Android APIs to launch another app, such as Google Authenticator. The malicious app then performs pixel-level operations on screen regions where the target app is known to display sensitive information. Finally, it exploits a side channel to extract these pixels one by one. The researchers describe this process as being conceptually similar to taking a screenshot of the target app’s screen.
Pixnapping forces sensitive pixels into the rendering pipeline and overlays semi-transparent activities on top of those pixels via Android intents. To induce graphical operations on these pixels, our instantiations use Android’s window blur API. To measure rendering time, our instantiations use VSync callbacks
The attack uses the GPU.zip side-channel vulnerability, which the researchers say is present in nearly all modern GPUs, including those from AMD, Apple, Arm, Intel, Qualcomm, and Nvidia.
The research broadly draws a parallel between iframes in browsers and app layering on mobile phones, i.e. the ability to invoke an external app using app intents. App layering enables a malicious app to operate on the pixels of another app, potentially leading to information leaks. Since app layering is is unlikely to disappear, the researchers note that
A realistic response is making the new attacks as unappealing as the old ones: allow sensitive apps to opt-out and restrict the attacker’s measurement capabilities so that any proof-of-concept stays just that.
It also appears that no mitigation strategies exist that developers might adopt to protect their apps against Pixnapping.
In their paper, the researchers emphasize that the Pixnapping attack “enables stealing secrets only stored locally (e.g., 2FA codes and Google Maps Timeline), which have never before been in reach of pixel stealing attacks.”
Pixel stealing attacks are actually not entirely new, since they were firstly demonstrated in 2013 using iframes to embed target websites and SVG filters to exflitrate information from those websites’ pixels. This kind of attacks has been radically mitigated by modern web browsers restricting iframes and cross-site cookie usage.
The GPU.zip side-channel vulnerability was disclosed by the same research group in 2023 and never patched by affected GPU vendors. In the context of the its initial discovery, focusing on websites data exfiltration, the vulnerability was of no major concern because browsers restrict iframe and cross-site cookie usage, and most sensitive websites are protected against such exploits.