A devastating new attack called Pixnapping can steal two-factor authentication codes from Android devices in under 30 seconds without requiring any system permissions. Academic researchers demonstrated the technique on Google Pixel phones and Samsung Galaxy devices, exploiting GPU rendering timing to reconstruct sensitive visual data pixel by pixel. While Google released partial mitigations in September, researchers say modified versions still work.
Android users just got hit with a sobering reality check. A team of academic researchers has unveiled Pixnapping, a sophisticated attack that can steal two-factor authentication codes, chat messages, and other sensitive data from Android devices in less than 30 seconds. The scariest part? The malicious app needed to pull this off requires zero system permissions.
The attack works on Google Pixel phones and Samsung Galaxy S25 devices, with researchers saying it could likely be adapted for other Android models with additional work. Google scrambled to release mitigations in September, but the research team says modified versions of the attack still work even with the update installed.
"Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping," the researchers wrote on their informational website. That includes chat messages, 2FA codes, email content - basically anything displayed on screen.
The technique builds on GPU.zip, a 2023 attack that allowed malicious websites to steal usernames, passwords, and other visual data by exploiting side channels in GPUs from all major suppliers. Those vulnerabilities were never actually fixed - browsers just limited iframe functionality to block the attack. Now researchers have brought the same concept to mobile.
"This allows a malicious app to steal sensitive information displayed by other apps or arbitrary websites, pixel by pixel," lead author Alan Linghao Wang explained in an interview. "Conceptually, it's as if the malicious app was taking a screenshot of screen contents it shouldn't have access to."
The attack unfolds in three precise steps. First, the malicious app invokes Android APIs that force targeted apps to display sensitive information on screen - like causing Google Authenticator to show a 2FA code for a specific site. These calls also let attackers scan for installed apps of interest.
Next, Pixnapping performs graphical operations on individual pixels that the targeted app sent to Android's rendering pipeline. The attack checks whether specific pixel coordinates are white or non-white, effectively mapping visual elements one dot at a time.
"Suppose the attacker wants to steal a pixel that's part of where a 2FA character gets rendered by Google Authenticator," Wang said. "This pixel is either white if nothing was rendered there, or non-white if part of a digit was rendered. The attacker causes graphical operations whose rendering time is long if the pixel is non-white and short if it's white."
The final step measures rendering times at each coordinate. By combining timing data across multiple pixels, the attack reconstructs images from the rendering pipeline pixel by pixel. It's a timing attack that exploits GPU graphical data compression to determine pixel colors.
The researchers tested their approach by attempting to steal 100 different 2FA codes from Google Authenticator across various Pixel devices. Success rates varied significantly: 73% on Pixel 6, 53% on Pixel 7, 29% on Pixel 8, and 53% on Pixel 9. Average extraction times ranged from 14.3 to 25.8 seconds depending on the device.
Interestingly, the 2FA code theft failed on Samsung Galaxy S25 devices due to "significant noise" in the timing measurements. The researchers acknowledged they need more work to tune the attack for Samsung's implementation.
The 30-second deadline for 2FA codes creates serious constraints. To meet this window, researchers reduced pixel sampling from 64 samples to just 16 and decreased idle time between pixel extractions from 1.5 seconds to 70 milliseconds. Their implementation even waits for the beginning of a new 30-second time interval to maximize available attack time.
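The trade-off between sample count, timing noise, and the 30-second window can be seen in a small simulation, added here as an illustration and not taken from the researchers' code. It shows why fewer samples per pixel and noisier measurements both push the per-pixel error rate up, and how little fits in the window at the original idle time. The timing values, the Gaussian noise model, the 50-pixel figure, and all function names are constructed assumptions.

```python
import random
import statistics

# Constructed timing model, not measured values: rendering over a white
# pixel takes about FAST_MS, over a non-white pixel about SLOW_MS, and each
# measurement is blurred by Gaussian noise with standard deviation noise_ms.
FAST_MS, SLOW_MS = 10.0, 12.0
THRESHOLD_MS = (FAST_MS + SLOW_MS) / 2


def classify_pixel(is_dark, samples, noise_ms, rng):
    """True if the median of `samples` noisy timings reads as non-white."""
    base = SLOW_MS if is_dark else FAST_MS
    timings = [rng.gauss(base, noise_ms) for _ in range(samples)]
    return statistics.median(timings) > THRESHOLD_MS


def pixel_error_rate(samples, noise_ms, trials=2000, seed=1):
    """Fraction of simulated pixels whose colour is misread."""
    rng = random.Random(seed)
    wrong = 0
    for i in range(trials):
        is_dark = i % 2 == 0  # alternate white and non-white pixels
        if classify_pixel(is_dark, samples, noise_ms, rng) != is_dark:
            wrong += 1
    return wrong / trials


def code_success_rate(pixel_error, pixels_needed):
    """Chance that every one of `pixels_needed` pixels is read correctly."""
    return (1.0 - pixel_error) ** pixels_needed


def max_pixels_by_idle_time(window_s, idle_s):
    """Upper bound on pixels per window from the idle gap alone."""
    return int(window_s / idle_s)


if __name__ == "__main__":
    for idle_s in (1.5, 0.07):  # idle times quoted in the article
        print(f"idle {idle_s}s -> at most {max_pixels_by_idle_time(30, idle_s)} pixels")
    for noise_ms in (2.0, 8.0):  # constructed low-noise and high-noise devices
        for samples in (64, 16):  # sample counts quoted in the article
            err = pixel_error_rate(samples, noise_ms)
            ok = code_success_rate(err, 50)  # 50 pixels is a constructed figure
            print(f"noise {noise_ms} samples {samples}: pixel error {err:.3f}, "
                  f"all 50 pixels correct {ok:.3f}")
```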
Google responded with a statement acknowledging the vulnerability: "We issued a patch for CVE-2025-48561 in the September Android security bulletin, which partially mitigates this behavior. We are issuing an additional patch for this vulnerability in the December Android security bulletin. We have not seen any evidence of in-the-wild exploitation."
The research exposes fundamental limitations in Android's app isolation model. Google's security assurances that one app can't access another app's data clearly have edge cases that determined attackers can exploit.
But implementing Pixnapping in real-world scenarios faces significant practical challenges. The attack requires the victim to install a malicious app, precise timing coordination, and device-specific tuning. In an era where social engineering attacks can breach Fortune 500 companies through simple phishing, the complexity of pixel-level extraction may limit its appeal to sophisticated threat actors.
Still, the research demonstrates how GPU timing side-channels continue to pose risks across computing platforms. The underlying GPU.zip vulnerability remains unfixed across all major suppliers, suggesting this class of attack will persist until hardware-level mitigations are implemented.
Pixnapping represents a sophisticated evolution of GPU timing attacks, bringing pixel-level data extraction to mobile platforms. While Google's patches provide some protection, the fundamental GPU side-channel vulnerabilities remain unfixed across the industry. For Android users, the immediate takeaway is clear: be extremely cautious about installing apps from unknown sources, as even permission-free applications can potentially access sensitive visual data. The research underscores how hardware-level security flaws continue to create unexpected attack vectors that challenge traditional mobile security models.