- cross-posted to:
- technology@beehaw.org
- cross-posted to:
- technology@beehaw.org
You must log in or # to comment.
requires a victim to first install a malicious app
Let me stop you right there… and leave.
The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.
Never ending side channel attacks. Stallman was right, only 100% FOSS gives you control over your device.
And given that a lot of this stuff is relying on timing the only reliable cure is to make everything slow. But no one wants that. Or maybe getting rid of precise timers in userspace. It would be funny if stopwatch precision was bound to screen refresh rate.
Duh, they’re hackers /s
Even if this particular attack is against Android phones, it should be noted that iPhones have their own security issues.
Stay safe out there, regardless of what type of phone you use.
Edit: lol, looks like I ruffled some feathers, with a few people really going the extra mile to take the wrong message from it
Permissions, when built-in to the operating system from conception, are much more effective than when they’re half-heartedly tacked on decades later, which is why these issues keep coming up on Android but not on iOS
Yes, this is why Androids and iPhone have inherently different security issues.
I was replying to your original comment. Please don’t pretend you haven’t changed it
You hate iPhones so much that you have to take a security issue on Android and defend it by shouting “Apple too!”?
So you’re denying that iPhone have security issues?
No, just that that’s got nothing to do with the topic or conversation at hand.
Lawl “exploit developed for android phones”
You: UK AKSHULLY IPHONES AREN’T SECURE THOUGH
Alternately: I was mentioning this to pre-empt anyone marching in here and puffing up about iPhone. Or thinking that they don’t need to worry about security issues.
Of course you know and understand the intent of my comment. Your bad-faith response fails to impress.
Gotta wonder why random apps don’t need special permissions to run and operate other apps. You can cause plenty of trouble maliciously navigating a browser even if you can’t see the screen.
Sandboxing by default and preventing Google and others from spying in and manipulating apps are good steps phone OS developers should use, but I don’t think those kind of things would help for this particular case.
Never ending side channel attacks. Stallman was right, only 100% FOSS gives you control over your device.
And given that a lot of this stuff is relying on timing the only reliable cure is to make everything slow. But no one wants that. Or maybe getting rid of precise timers in userspace. It would be funny if stopwatch precision was bound to screen refresh rate.
deleted by creator
deleted by creator
Use open source apps and everything to be protected. Gotcha
It has to be tailored to the specific hardware so I don’t think it’s a major concern for most users. It doesn’t seem like something that can be fully mitigated either, so it’s probably not worth worrying about. Side channel attacks are really cool but also kind of useless in most practical scenarios.
