Malicious app required to make “Pixnapping” attack work requires no permissions.
  • Phoenixz@lemmy.caEnglish
    202·
    1 day ago

    This is a very big hypothetical.

    They’d need to already have access to your account credentials (email, password or at least something that is regarded the same) then have you install this malicious app, then you’d need this app to be open at the same time as your 2FA app

    It’s possible, yes, it’s an awesome find, yes, and this should be patches, yes yes yes, a thousand yes

    Having said that, I’m not too worried about the potential impact of this, it’ll be fine.

  • tidderuuf@lemmy.worldEnglish
    16812·
    2 days ago

    requires a victim to first install a malicious app

    Let me stop you right there… and leave.

    • hietsu@sopuli.xyzEnglish
      2·
      8 hours ago

      Having cleaned a bunch of old folks phones in the past years this is far more common than we ”advanced” users think. It often starts with clicking an advert or some spam mail or message from (infected) friend, which to them, looks absolutely legit. Then the installed app spams the user with notifications to install more ”PDF readers”, ”phone cleanup apps” and whatnot. In best case these just flood the user with ads but just as easily can do more malicious stuff.

      After some schooling (”never click anything that is offered to you” etc.) and putting up defencew like AdGuard (system level) the instances of ”my phone is slow”, ”what does this message mean” etc. have radically decreased. Apple devices have their own issues but this kind of troubles are next to non-existent there.

    • NaibofTabr@infosec.pubEnglish
      1173·
      2 days ago

      Normally I would agree with this perspective, but in this case the “malicious app” is just a demo. It requires no permissions to do the malicious behavior, which means that the relevant code could be included in any app and wouldn’t trigger a user approval, a permissions request or a security alert. This could be hiding in anything that you install.

      • krooklochurm@lemmy.caEnglish
        61·
        1 day ago

        Man in the middle an app download or find some kind of exploit to inject the code from a website, ta da.

        I mean, obviously there’s more to it than this but.

        That’s how these things work. They’re chained.

        • NaibofTabr@infosec.pubEnglish
          2·
          1 day ago

          Hmm, yes that can happen, but can it happen if you’re downloading directly from the Play store?

          • reksas@sopuli.xyzEnglish
            4·
            1 day ago

            first you download something and it has nothing malicious, then you update it later and then it has something.

            • NaibofTabr@infosec.pubEnglish
              2·
              1 day ago

              I’m sure there are apps that have malware built in yes, but I mean the MITM approach during an app download that you were describing.

      • NihilsineNefas@slrpnk.netEnglish
        51·
        1 day ago

        So they’re using the same programs that the three letter agencies of the world have been using to crack phones since before touchscreens existed?

        • NaibofTabr@infosec.pubEnglish
          4·
          1 day ago

          This article doesn’t really address that. I don’t think there’s any indication that this particular vulnerability is related to nation-state hacking.

      • FreedomAdvocate@lemmy.net.auEnglish
        22·
        1 day ago

        So it could be hiding in, what would you call them…….malicious apps?

        The relevant code isn’t going to be in a non malicious app.

        • ReginaPhalange@lemmy.worldEnglish
          51·
          1 day ago

          Listen Mr Zuckerberg, we can improve our ad revenue immensely if we can do this one little trick to Facebook’s code…

            • NaibofTabr@infosec.pubEnglish
              2·
              1 day ago

              Because if it’s doing this it’s a malicious app….

              OK, how would you know?

              Google also said they’ve found zero apps doing this.

              So what? There are millions of apps on the Play store, they aren’t all being reviewed with this level of scrutiny. This means basically nothing.

  • majster@lemmy.zipEnglish
    372·
    2 days ago

    Never ending side channel attacks. Stallman was right, only 100% FOSS gives you control over your device.

    And given that a lot of this stuff is relying on timing the only reliable cure is to make everything slow. But no one wants that. Or maybe getting rid of precise timers in userspace. It would be funny if stopwatch precision was bound to screen refresh rate.

  • mfed1122@discuss.tchncs.deEnglish
    55·
    2 days ago

    "Our end-to-end attacks simply measure the rendering time per frame of the graphical operations… to determine whether the pixel was white or non-white.”

    This is a prime example of something that is so simple, yet elegant, and brilliant. Fantastically cool and scary.

  • socphoenix@midwest.socialEnglish
    50·
    2 days ago

    The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.

  • EndlessNightmare@reddthat.comEnglish
    114·
    21 hours ago

    Even if this particular attack is against Android phones, it should be noted that iPhones have their own security issues.

    Stay safe out there, regardless of what type of phone you use.

    Edit: lol, looks like I ruffled some feathers, with a few people really going the extra mile to take the wrong message from it

    • Dr. Moose@lemmy.worldEnglish
      2·
      20 hours ago

      As someone already pointed out it’s a lost game regardless of platform as long as closed source software is used on any machine anywhere it’s fundamentally unsafe. Black market operators like Israel’s Pegasus have been selling ios day 0 exploits for years and there are probably hundreds that exist out there for every single platform.

      The good part is that these rare exploits will not be used on you because they are too valuable the bad part is that the only way against them is full system transparency which is not happening anytime soon.

    • Rai@lemmy.dbzer0.comEnglish
      26·
      1 day ago

      Lawl “exploit developed for android phones”

      You: UK AKSHULLY IPHONES AREN’T SECURE THOUGH

      • EndlessNightmare@reddthat.comEnglish
        21·
        21 hours ago

        Alternately: I was mentioning this to pre-empt anyone marching in here and puffing up about iPhone. Or thinking that they don’t need to worry about security issues.

        Of course you know and understand the intent of my comment. Your bad-faith response fails to impress.

    • FreedomAdvocate@lemmy.net.auEnglish
      13·
      1 day ago

      You hate iPhones so much that you have to take a security issue on Android and defend it by shouting “Apple too!”?

    • Arcane2077@sh.itjust.worksEnglish
      310·
      2 days ago

      Permissions, when built-in to the operating system from conception, are much more effective than when they’re half-heartedly tacked on decades later, which is why these issues keep coming up on Android but not on iOS

      • buddascrayon@lemmy.worldEnglish
        73·
        1 day ago

        The difference isn’t actually in the operating system. iOS is just as vulnerable to such things. The difference is in how the app store is run. Apple locks down there app store so that it’s much more difficult to get malicious apps added. Google is extremely less thorough. Which is one of the reason many of us choose Android. When you choose more freedom the price is more vigilance is necessary to secure yourself and your phone.

        • Arcane2077@sh.itjust.worksEnglish
          38·
          18 hours ago

          That’s an insane take. Sure, Google is less thorough on checking the garbage that gets on the Play Store, but if that was a factor, malware that has made it on the Apple app store would have done it too. They have never been able to bypass permissions because they’re built into the OS and security hardware.

          Edit: People having such a poor understanding of security and buying Apple’s propaganda, ON LEMMY, is so disappointing

      • buddascrayon@lemmy.worldEnglish
        57·
        2 days ago

        Yes that’s why you verify the safety and security of the apps you’re installing on your phone and don’t just go, “ooo, this looks cool, let’s download it and try it out”. This is especially true if you are installing FOSS apps.

        • Noja@sopuli.xyzEnglish
          101·
          2 days ago

          This is especially true if you are installing apps from the play store.

          fixed that small mistake

          • buddascrayon@lemmy.worldEnglish
            1·
            1 day ago

            What “trusted” platform? Google play store? Their rules are lax as all fuck. And if you download an app from a reputable company and it has malware in it you have the Better Business Bureau to turn to. Otherwise buyer beware, scammers exist.

  • solrize@lemmy.mlEnglish
    41·
    2 days ago

    Gotta wonder why random apps don’t need special permissions to run and operate other apps. You can cause plenty of trouble maliciously navigating a browser even if you can’t see the screen.

    • whotookkarl@lemmy.dbzer0.comEnglish
      1·
      1 day ago

      Sandboxing by default and preventing Google and others from spying in and manipulating apps are good steps phone OS developers should use, but I don’t think those kind of things would help for this particular case.

  • BetaDoggo_@lemmy.worldEnglish
    18·
    1 day ago

    It has to be tailored to the specific hardware so I don’t think it’s a major concern for most users. It doesn’t seem like something that can be fully mitigated either, so it’s probably not worth worrying about. Side channel attacks are really cool but also kind of useless in most practical scenarios.