Pixnapping Attack

https://www.pixnapping.com/

70•kevcampb•2h ago

Comments

ChrisArchitect•1h ago

Discussion: https://news.ycombinator.com/item?id=45574613

jonplackett•51m ago

In the previous discussion everyone seems happy it’s been patched and not to worry (even though androids mostly don’t run anything like the latest android)

But in this write up they say the patch doesn’t work fully

charcircuit•46m ago

The bigger issue is the sidechannel that exists which leaks information from secure windows, even from protected buffers, potentially including DRM protected content.

While these blurs make the sidechannel easier to use as it provides a clear signal, considering you can predict the exact contents of the screen I feel like you could get away with just a mask.

esher•1h ago

I was looking for a nice browser game, just judging by the name.

ggm•30m ago

Not a phone designer, but could we imagine a new class of screen region which is excluded from screen grab, draw over and soft focus with a mask, and then notification which do otp or pin subscribe to use it?

charcircuit•21m ago

App developers can already dynamically mark their windows as secure which should prevent any other app from reading the pixels it rendered. The compositor composites all windows, including secure windows and applies any effects like blur. No apps are supposed to be able to see this final composited image, but this attack uses a side channel they found that allows apps on the system to learn information about the pixels within the final composition.

bilekas•18m ago

It's not exactly a new technique but it's effective for most super targeted attacks, honestly it seems if you were this inclined to be able to get a specific app on the users phone, you might as well just work off the Android app you've already gotten delivered to the users phone. Like Facebook.

Throw a privacy notice to the users "This app will take periodic screenshots of your phone" You'd be amazed how many people will accept it.

> Did you release the source code of Pixnapping? We will release the source code at this link once patches become available: https://github.com/TAC-UCB/pixnapping

It's not exactly impossible to reverse what's happening here. You could have waited until it was patched but sounds like you wanted to get your own attention as soon as possible.

Rethinking RDAs (Recommended Daily Allowances) (2019) [video]

Go Agent Development Kit

Common yeast can survive Martian conditions

iPhone Air review: Back to the future

Xiaomi 17 Pro Max: An iPhone But Better [video]

Researchers intercept unencrypted satellite traffic from space blabbermouths

Starlink: 50 MHz of spectrum and 15K new satellites

Cretaceous Software Engineering – Why I don't use AI to write code

An Interactive Introduction to Fourier Transforms

Technological Optimism and Appropriate Fear

Europe's Digital Sovereignty Paradox – "Chat Control" Update

Sweater

ComfyUI on Nvidia DGX Spark

Wi-Fi 7 iPhones are basically Wi-Fi 6E with better marketing

There Are No Programmers in Star Trek

How Modern Compilers Optimize Code a Walkthrough

Japanese Government Calls on OpenAI to Refrain from Copyright Infringement

Why Different GEO Dashboards Show Different Results

Pathetic Losers

Ask HN: What are your key use cases for bulk YouTube subtitle downloading?

How to stop Linux threads cleanly

Event Deep Research: an open-source project that builds chronologies

Built my own "mini Docker" using just Bash scripts using only Linux tools

Show HN: A "How-to" search engine that explains with text and visuals

Apple to Build Tabletop Robot and Home Hub in Vietnam

Show HN: Drastic – Run Nintendo DS Games on Android

Research: Italy's Piracy Shield Is Just as Big a Disaster as Everyone Predicted

Localization in Ruby on Rails: Yes/No, On/Off

London Became a Global Hub for Phone Theft. Now We Know Why

Review: Sangean DPR-35 Pocket DAB+ Radio