Android Hack Can Steal 2FA Codes in Seconds

Researchers have discovered a new Android attack called Pixnapping, which allows hackers to steal sensitive data displayed on a phone's screen, including private 2FA codes and messages.

2FA codes are a crucial part of online security, and this vulnerability exploits the fact that these codes are displayed on the phone's screen. The attack doesn't require permissions or screenshots, but rather raw access to the pixels displayed on the screen.

The idea of stealing data from pixels is not new, and was first explained in 2013, with browsers later adding restrictions to prevent it.

A similar issue, known as the 'Hot Pixel' attack, was discovered in 2023, which exploited modern GPUs and SoCs to steal browsing history. Pixnapping can steal data in under 30 seconds.

Author's summary: Pixnapping is a new Android vulnerability that steals 2FA codes.

• Pixnapping steals sensitive data from phone screens
• No permissions or screenshots required
• Data can be stolen in under 30 seconds

more

Bitdefender — 2025-10-14

---

More News

• Bad Parking photos are giving The Villages a bad name - Villages-News.com
• Al-Muasher: The Two-State Solution is Dead
• Ferrari Elettrica Will Play Sounds like an Electric Guitar | Man of Many