Hackers can steal 2FA codes and private messages from Android phones

    The new class of attack is reminiscent of GPU.zip, a 2023 attack that allowed malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites. It worked by taking advantage of side channels found in GPUs from all major vendors. The vulnerabilities that GPU.zip exploited were never resolved. Instead, the attack was blocked in browsers by limiting the ability to open iframes, an HTML element that allows a website (in the case of GPU.zip, a malicious one) to embed the content of a site from another domain.

    Pixnapping focuses on the same side channel as GPU.zip, specifically the precise amount of time it takes for a given frame to appear on screen.

    “This allows a malicious app to steal sensitive information displayed by other apps or arbitrary websites, pixel by pixel,” Alan Linghao Wang, lead author of the research paper “Pixnapping: Bringing Pixel Stealing out of the Stone Age,” explained in an interview. “Conceptually, it's as if the malicious app takes a screenshot of the screen content it shouldn't have access to. Our end-to-end attacks simply measure the rendering time per frame of the graphics operations… to determine whether the pixel was white or non-white.”

    Pixnapping in three steps

    The attack takes place in three main steps. In the first step, the malicious app invokes Android APIs that open the app the attacker wants to snoop on. These calls can also be used to effectively scan an infected device for installed apps of interest. The calls can further cause the targeted app to display specific data it has access to, such as a message thread in a messaging app or a 2FA code for a specific site. This ensures that the information is sent to the Android rendering pipeline, the system that composes the pixels of each app so that they can be displayed on the screen. The Android-specific mechanisms involved include activities, intents, and tasks.