Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Google Pixel. Show all posts
Malwares
Cybersecurity Breach Data Breach data security Data Stolen Google Pixel Malware attacks Malwares

Pixnapping Malware Exploits Android’s Rendering Pipeline to Steal Sensitive Data from Google and Samsung Devices

 

Cybersecurity researchers have revealed a new Android malware attack called Pixnapping, capable of stealing sensitive information from Google and Samsung smartphones without any user interaction. The name “Pixnapping” blends “pixel” and “snapping,” referring to how the malware stealthily extracts visual data pixel by pixel from targeted apps. 

When a user installs an app laced with the Pixnapping malware, it silently scans the device for other apps to spy on—such as Google Authenticator. Instead of opening the target app directly, the malware leverages the Android rendering pipeline to intercept the visual data being displayed. It then analyzes the color and content of individual pixels in areas known to display confidential information, like two-factor authentication (2FA) codes. By interpreting these pixels, the malware reconstructs the original data—essentially taking “invisible screenshots” of protected content without ever triggering normal app permissions. 

According to researchers, three flaws in Android’s design enable Pixnapping. First, apps can invoke another app’s activity through the rendering pipeline, which allows unauthorized access to refresh sensitive screens. Second, Android permits graphical operations to be performed on another app’s displayed content. Third, apps can detect pixel color changes during these operations, revealing the hidden visual data. 

Tests confirmed Pixnapping’s success across several devices, including the Pixel 6, 7, 8, and 9, as well as the Samsung Galaxy S25, running Android versions 13 through 16. The malware’s efficiency varied across devices, achieving success rates between 29% and 73% on Pixel models. On the Galaxy S25, however, researchers couldn’t extract 2FA codes before they expired. The attack was also demonstrated on apps and services such as Gmail, Signal, Venmo, Google Accounts, and Google Maps—indicating that Pixnapping could potentially expose emails, encrypted messages, payment data, and location histories. 

The vulnerability is tracked as CVE-2025-48561. While Google has issued an initial patch, researchers found ways to bypass it, prompting Google to develop a stronger fix expected in the December Android security update.  

Fortunately, Pixnapping has not been detected in active attacks yet. Still, experts urge users to stay vigilant by updating their devices with the latest security patches and downloading apps only from verified marketplaces such as the Google Play Store. Even then, users should double-check app details to ensure authenticity and avoid sideloading unverified applications. 

Pixnapping underscores a critical flaw in Android’s visual data handling and highlights the growing sophistication of modern mobile malware. Until Google delivers a complete patch, maintaining cautious download habits and prompt software updates remains the best defense.
Read more »
sensitive data exposure
Confidential Data Cyber Crime data security Data Theft Google Google Pixel Lawsuit sensitive data exposure

Google Sues Ex-Employee for Leaking Pixel Chip Trade Secrets Online

 


Google has filed a lawsuit against Harshit Roy, a former employee, accusing him of leaking sensitive information about the company's chip designs. The lawsuit, filed in a Texas federal court, alleges that Roy, who worked as an engineer at Google from 2020 to 2024, disclosed confidential details about Pixel processing chips on social media platforms, including X (formerly Twitter) and LinkedIn. 
 
According to the complaint, Roy captured internal documents containing proprietary chip specifications before resigning in February 2024. After leaving Google, he moved from Bangalore, India, to Austin, Texas, to pursue a doctoral program at the University of Texas. 
 

The lawsuit claims that Roy:   

 
- Shared these confidential documents publicly, violating his confidentiality agreement with Google.  
- Posted statements such as, “Don’t expect me to adhere to any confidentiality agreement,” and “Empires fall, and so will you,” along with images of internal documents.   
- Ignored multiple takedown requests from Google and continued posting proprietary information online.  
- Tagged competitors like Apple and Qualcomm in some of his posts, allegedly drawing attention to the leaked information. 
 
Google asserts that the leaked materials contained trade secrets critical to its operations. The disclosures reportedly led to media outlets publishing stories based on the leaked information, further exacerbating the breach. 
 
Jose Castaneda, a spokesperson for Google, emphasized the company's commitment to addressing the situation. “We discovered that this former employee unlawfully disclosed numerous confidential documents. We are pursuing legal action to address these unauthorized disclosures, as such behavior is completely unacceptable,” Castaneda stated. 
 

Google is seeking:   

 
  • Monetary damages to compensate for the breach.   
  • A court order to prevent Roy from further distributing or using the leaked information. 

As part of the legal proceedings, a judge issued a temporary restraining order on Wednesday, prohibiting Roy from sharing additional proprietary details. Google argues that such measures are necessary to:   
 
  • Protect its intellectual property.   
  • Maintain trust within its operations. 
 
This case highlights the ongoing challenges faced by companies in safeguarding trade secrets, especially in highly competitive industries like technology. As the legal battle unfolds, it is expected to shed light on the legal and ethical boundaries of confidentiality agreements and the potential consequences of breaching such agreements in the tech industry.
Read more »
Privacy
Android Artifical Intelligence data security Gemini AI Google Pixel Privacy

Google Assures Privacy with Gemini AI: No Data Sharing with Third Parties

Google recently announced bringing into view its Gemini AI technology, beginning with the latest Pixel 9 devices. As part of this consequential development, Google has reassured users about the strong privacy and security measures surrounding their personal data, addressing growing concerns in the digital age.

A Strong Focus on Privacy

In an exclusive interview with Aayush Ailawadi from Business Today, Sameer Samat, the President of Google’s Android Ecosystem, emphasised that user privacy is a top priority for the company. He explained that for any AI assistant, especially one as advanced as Gemini, safeguarding user data is crucial. According to Samat, Google's longstanding commitment to privacy and security has been a cornerstone of its approach to developing Android. He pointed out that for a personal assistant to be genuinely useful, it must also be trusted to keep conversations and data secure.

Samat highlighted Google’s extensive experience and investment in artificial intelligence as a key advantage. He noted that Google controls every aspect of the AI process, from optimising the AI on users’ devices to managing it in the cloud. This comprehensive control ensures that the technology operates securely and efficiently across all platforms.

One of the standout features of the Gemini AI, according to Samat, is its ability to handle personal queries and tasks entirely within Google’s ecosystem, without involving third-party providers. This approach minimises the risk of data exposure and ensures that users' information remains within the trusted boundaries of Google’s systems. Samat stressed upon the fine details of this feature for users who are particularly concerned about who has access to their personal data.

AI That Works for Everyday Life

When asked about the broader implications of AI, Samat expressed his belief that AI technology should be open-source to better serve consumers. He emphasised that AI needs to be more than just a intricately designed tool— it should be something that genuinely helps people in their daily lives. 

Samat shared an example from his personal experience to illustrate this point. While researching a used car purchase, he used Gemini AI to quickly gather important information that would typically take much longer to find. The AI assistant provided him with a concise list of questions to ask the mechanic, reducing what would have been an hour-long research task to just a few minutes. This practical application, Samat suggested, is what consumers really value—technology that saves them time and makes life easier.

Google’s latest developments with Gemini AI signal a shift in focus from merely advancing technology to making it more accessible and beneficial for everyday use. This reflects a broader trend in the tech industry, where the goal is to ensure that innovations are not only cutting-edge but also practical and user-friendly.

Google’s Gemini AI aims to offer users a more secure and private experience while also being a pragmatic tool for daily tasks. With its focus on preserving privacy, controlled data management, and utility, Google is setting new standards for how AI can convenience our lives while keeping personal information safe.



Read more »
Technology
Google Google Exploit Google Pixel Showcase.apk Technology

The Hidden Threat: Vulnerable App on Google Pixel Devices Puts Millions at Risk


A flaw was discovered in Google Pixel devices, raising concerns among users and experts alike. This blog delves into the details of this vulnerability, its implications, and the steps being taken to mitigate the risk.

The Discovery

A pre-installed app on Google Pixel devices, known as “Showcase.apk,” posed a severe security risk. This app, intended for demo purposes in retail stores, was found to have excessive system privileges. These privileges could potentially be exploited by malicious actors to execute remote code, install malicious packages, and gain unauthorized access to sensitive data.

The Scope of the Problem

The affected devices include Google Pixel phones sold through Verizon, with the vulnerability dating back to at least 2016. Millions of users could be at risk, as the app has been on devices for several years. The fact that such a critical flaw went unnoticed for so long highlights the challenges in ensuring the security of pre-installed software on smartphones.

Technical Details

The “Showcase.apk” app was designed to showcase the features of Google Pixel devices in retail environments. However, its extensive system privileges made it a potential target for exploitation. The app could be used to execute arbitrary code with elevated privileges, allowing attackers to install malicious software, access personal data, and even control the device remotely.

The vulnerability was classified as a high-severity issue due to the potential impact on users’ privacy and security. If exploited, it could lead to data breaches, identity theft, and other malicious activities.

Google’s Response

Upon discovering the vulnerability, Google acted swiftly to address the issue. The company acknowledged the problem and initiated steps to remove the “Showcase.apk” app from affected devices. Google also assured users that there was no evidence of active exploitation of the vulnerability at the time of discovery.

In addition to removing the app, Google has been working on enhancing its security measures to prevent similar issues in the future. This includes conducting thorough security audits of pre-installed software and improving the vetting process for apps that come pre-loaded on devices. Further details are yet to be disclosed by Google.

Read more »
Subscribe to: Comments (Atom)