Android Vulnerability Endangers Recovery Phrases, 2FA Codes

Summary

A newly discovered Android vulnerability, called "Pixnapping," allows malicious apps to steal sensitive on-screen information like crypto wallet recovery phrases and 2FA codes from other apps. The attack uses Android APIs to measure the content of specific pixels by overlaying attacker-controlled, semi-transparent activities that expose one pixel at a time, inferring each pixel's color to gradually reconstruct sensitive data displayed on the screen. This process is slow, limiting its effectiveness against fleeting content, but lengthy displays, such as wallet recovery phrases, are especially at risk. Tests showed Pixnapping could recover 2FA codes from Google Pixel 6–9 devices with success rates between 29% and 73%, typically within 14–26 seconds. The attack works across various recent Android versions and devices. While Google tried to patch the vulnerability, researchers demonstrated workarounds and described Google’s fix as insufficient, especially for Samsung devices. To stay safe, users should avoid displaying critical information on Android devices and opt for hardware wallets, which keep private keys and recovery phrases offline and unreachable from mobile malware.
