The new attack class is reminiscent of GPU.zip, a 2023 attack that allowed a malicious website to read usernames, passwords, and other sensitive visual data displayed by other websites. It worked by leveraging side channels found in GPUs from all major vendors. The underlying GPU behavior exploited by GPU.zip has never been fixed. Instead, the attack was blocked at the browser level by restricting iframes, the HTML element that lets a website (in GPU.zip's case, the malicious site) embed content from a different domain.
Pixnapping targets the same side channel as GPU.zip, specifically the precise time it takes for a given frame to render on screen.
“This allows a malicious application to steal sensitive information displayed by other applications or arbitrary websites, pixel by pixel,” Alan Linghao Wang, lead author of the research paper “Pixnapping: Bringing Pixel Stealing out of the Stone Age,” explained in an interview. “Conceptually, it’s as if the malicious application took a screenshot of screen content that it shouldn’t have access to. Our end-to-end attacks simply measure the per-frame rendering time of graphics operations… to determine whether the pixel was white or non-white.”
Pixnapping in three steps
The attack takes place in three main stages. In the first stage, the malicious application invokes Android APIs that launch the application the attacker wants to spy on. The same calls can be used to scan the device for installed apps of interest. They can further cause the targeted app to display specific data it has access to, such as a thread in a messaging app or a 2FA code for a specific site. Launching the target in this way sends its content to the Android rendering pipeline, the system that takes the pixels from each app and composes them on the screen. The Android mechanisms involved are activities, intents, and tasks.
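The first stage relies only on ordinary Android APIs, which is what makes it hard to block. The following Kotlin is an added illustration written for this article, not code from the Pixnapping paper or its authors; the package names and the deep-link URL are hypothetical placeholders. It shows how any app can check which candidate targets are installed and then bring one of them to the foreground (optionally pointed at a specific piece of content) so that its pixels enter the rendering pipeline. No runtime permission is required for either step.

```kotlin
import android.content.Context
import android.content.Intent
import android.content.pm.PackageManager
import android.net.Uri

// Added example, not code from the Pixnapping paper. Package names are hypothetical.
// Stage one as described above: find interesting installed apps and launch one so
// that its content is handed to the Android rendering pipeline.

private val targetsOfInterest = listOf(
    "com.example.authenticator",   // hypothetical 2FA app
    "com.example.messenger"        // hypothetical messaging app
)

/**
 * Returns which of the candidate packages are installed. On Android 11+ this only
 * works for packages declared in a <queries> element of the calling app's manifest
 * (or with the QUERY_ALL_PACKAGES permission); undeclared packages look absent.
 */
fun findInstalledTargets(context: Context): List<String> =
    targetsOfInterest.filter { pkg ->
        try {
            context.packageManager.getPackageInfo(pkg, 0)
            true
        } catch (e: PackageManager.NameNotFoundException) {
            false
        }
    }

/**
 * Brings the target app's main activity to the foreground in a new task.
 * Returns false if the package has no launchable activity or is not visible.
 */
fun launchTarget(context: Context, pkg: String): Boolean {
    val intent = context.packageManager.getLaunchIntentForPackage(pkg) ?: return false
    intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
    context.startActivity(intent)
    return true
}

/**
 * Asks whichever app handles the link to display a specific item, e.g. a
 * particular conversation or account page, rather than its default screen.
 * The URL scheme is a hypothetical placeholder.
 */
fun launchDeepLink(context: Context, url: String) {
    val intent = Intent(Intent.ACTION_VIEW, Uri.parse(url)).apply {
        addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
    }
    context.startActivity(intent)
}

/** Stage-one driver: enumerate targets, then launch the first one found. */
fun runStageOne(context: Context): String? {
    val installed = findInstalledTargets(context)
    val chosen = installed.firstOrNull() ?: return null
    launchTarget(context, chosen)
    return chosen
}
```

The practical caveat for anyone auditing an app is the package-visibility rule: since Android 11, `getPackageInfo` and `getLaunchIntentForPackage` only succeed for packages the caller has declared in its manifest `<queries>` block, so a suspicious `<queries>` list (or a request for `QUERY_ALL_PACKAGES`) is the first place to look for this kind of target enumeration. Starting another app's exported launcher activity, by contrast, needs no declaration at all.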