Android Vulnerability Allows Malicious Apps to Steal 2FA Codes and Private Data Without Permissions
By sipofwater
7mo ago · 8 min read
Summary
Researchers have discovered a new Android vulnerability called 'Pixnapping' that allows malicious apps to steal sensitive data including 2FA codes, location timelines, and private messages without requiring any system permissions. The attack works by reading data displayed on the screen from other installed apps and can extract information in under 30 seconds. The vulnerability affects Android devices and requires users to install a malicious app first, but the app needs no special permissions to execute the attack.
Key quotes
Android devices are vulnerable to a new attack that can covertly steal 2FA codes, location timelines, and other private data in less than 30 seconds.
The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet.
The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen.
Pixnapping has been demonstrated on Google Pi
Malicious app required to make “Pixnapping” attack work requires no permissions.

