All news with #two-factor authentication tag

Pixnapping: Android GPU Side-Channel Steals 2FA Pixels

⚠️ Researchers have disclosed Pixnapping, a pixel-stealing side-channel that can extract 2FA codes, Maps timelines, and other sensitive UI contents from Android apps by abusing GPU compression together with Android's window-blur and intent mechanisms. The proof-of-concept captures codes in under 30 seconds on several Google and Samsung devices running Android 13–16 without requiring special manifest permissions. Google tracked the issue as CVE-2025-48561 (CVSS 5.5) and issued mitigations in the September 2025 Android Security Bulletin, but researchers say a workaround can re-enable the technique and that some app-list bypass behavior will not be fixed.