Pixnapping Attack Allows Recovery of 2FA Codes on Android, Pixel by Pixel

A newly discovered side-channel attack called Pixnapping allows a malicious Android application to extract confidential data without requiring any special permissions, by stealing individual pixels displayed by other applications or websites.

The attack enables the reconstruction of sensitive information such as messages from secure messengers, emails, and two-factor authentication (2FA) codes from apps like Google Authenticator — effectively, anything visible on the device’s screen.

Pixnapping was developed by seven researchers from U.S. universities. It works on fully updated, modern Android devices and can steal 2FA codes in under 30 seconds.

Vulnerability and Partial Fix

Google engineers attempted to fix the issue (CVE-2025-48561) as part of the September 2025 Android security updates, but the researchers managed to bypass the patch.
A more comprehensive fix is expected to be released in December 2025.

How the Attack Works

The Pixnapping attack begins when a malicious app abuses the Android intent system, opening a target application or web page so its window is handed off to SurfaceFlinger, the system compositor responsible for combining multiple app windows.

Next, the malicious app isolates specific pixels—for example, those forming the digits of a 2FA code—and determines whether they are white or not through a series of graphical operations.

Each pixel is extracted by opening what the researchers call a “masking activity”—a full-screen window that covers the target app.
The attacker makes this masking window completely opaque white except for a single transparent pixel at a chosen location, allowing pixel-by-pixel inspection.

During the process, SurfaceFlinger’s blur implementation is used to enlarge isolated pixels, creating a stretching effect that makes reconstruction easier. Once all target pixels are captured, a process similar to Optical Character Recognition (OCR) is applied to reassemble characters and digits.

“Conceptually, it’s as if the malicious application is taking a screenshot of on-screen content that it should not have access to,” the researchers explain.

Leveraging GPU.zip

To extract visual data, the researchers combined Pixnapping with the GPU.zip side-channel attack, which exploits graphics data compression in modern GPUs.
Although the data leak rate is relatively low (between 0.6 and 2.1 pixels per second), optimizations allowed full 2FA code recovery in less than 30 seconds.

Tests were conducted on Google Pixel 6–9 and Samsung Galaxy S25 devices running Android 13 through 16. All proved vulnerable.
Because the underlying mechanisms exist in earlier Android versions, older devices are likely at risk as well.

Real-World Applicability

The researchers also analyzed nearly 100,000 applications from the Google Play Store and found hundreds of thousands of invocable activities accessible through Android intents—demonstrating the attack’s wide potential reach.

Their technical paper lists several data theft scenarios:

  • Google Maps — Timeline entries occupy 54,000–60,000 pixels; unoptimized recovery takes 20–27 hours per entry.
  • Venmo — Balance and transaction areas cover 7,400–11,300 pixels; recovery takes 3–5 hours.
  • Google Messages (SMS) — Conversations span 35,000–44,000 pixels; recovery requires 11–20 hours. The attack distinguishes sent vs. received messages by color (blue vs. gray).
  • Signal — Conversations occupy 95,000–100,000 pixels; recovery takes 25–42 hours, even with Signal’s Screen Security feature enabled.

Vendor Response

Google and Samsung have pledged to deliver a full mitigation by year’s end, but no GPU vendor has yet announced a plan to address the GPU.zip side-channel vulnerability.

Although the initial attack vector was patched in September, researchers confirmed that the fix can be bypassed.
Google clarified, however, that the updated exploitation technique requires detailed knowledge of the target device, making real-world attacks significantly harder to execute.

The company also emphasized that no evidence of Pixnapping being used in active attacks has been found.