Pixnapping: The stealthy attack that captures what you see on Android

Last updated: 15/10/2025

  • Pixnapping can steal 2FA codes and other on-screen data in under 30 seconds without any permissions.
  • It abuses Android APIs and a GPU side channel to infer pixels from other apps.
  • Tested on Pixel 6-9 and Galaxy S25; the initial patch (CVE-2025-48561) does not block it completely.
  • It is advisable to use FIDO2/WebAuthn, minimise sensitive data on screen, and avoid apps from dubious sources.

A team of researchers has disclosed Pixnapping, an attack technique against Android phones that can capture what is displayed on screen and extract private data such as 2FA codes, messages or locations in a matter of seconds and without requesting any permission.

The key is the abuse of certain system APIs and a GPU side channel to infer the contents of the pixels you are looking at; the process is invisible and works as long as the information stays visible, while secrets that are not shown on screen cannot be stolen. Google has introduced mitigations associated with CVE-2025-48561, but the authors of the finding have demonstrated bypasses, and further hardening is expected in the December Android security bulletin.

What is Pixnapping and why is it a concern?

The name combines "pixel" and "stealing" because the attack effectively performs a "pixel hijacking" to reconstruct information shown in other apps. It is an evolution of side-channel techniques used years ago in web browsers, now adapted to the modern Android ecosystem and able to run effortlessly.

Because it requires no special permissions, Pixnapping sidesteps defences built on the permission model and operates almost invisibly, which raises the risk for users and companies that rely for part of their security on what appears briefly on screen.

How the attack is carried out

In general terms, the malicious app launches multiple activities and synchronises rendering to isolate specific regions of the interface where sensitive data is shown; it then uses timing differences in pixel processing to infer their values.

  • It causes the target app to display the data (for example, a 2FA code or sensitive text).
  • It hides everything except the area of interest and manipulates rendering so that a single pixel "dominates".
  • It interprets GPU timings (such as a GPU.zip-style phenomenon) and reconstructs the content.

Through repetition and synchronisation, the malware recovers characters and reassembles them using OCR techniques. The time window limits the attack, but if the data remains visible for a few seconds, recovery is possible.

Scope and affected devices

The researchers validated the technique on the Google Pixel 6, 7, 8 and 9 and on the Samsung Galaxy S25, running Android versions 13 to 16. "Almost all modern Android devices" could be affected.

In tests with TOTP codes, the attack recovered the full code with success rates of approximately 73%, 53%, 29% and 53% on the Pixel 6, 7, 8 and 9, respectively, and in average times of about 14.3 s, 25.8 s, 24.9 s and 25.3 s, which lets it beat the expiry of the temporary codes.
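To put those recovery times next to the 30-second TOTP step, the following added example (not code from the researchers or from this article) implements RFC 6238 TOTP and checks whether a code is still accepted once the quoted on-screen exposure time has passed. The secret, the clock value, the `back_steps` verifier setting and the assumption that exposure starts `shown_after` seconds into the step are all constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # RFC 6238 default time step, in seconds
# Average full-code recovery times quoted in the article, in seconds.
RECOVERY_S = {"Pixel 6": 14.3, "Pixel 7": 25.8, "Pixel 8": 24.9, "Pixel 9": 25.3}
SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one
STEP_START = (1_700_000_000 // STEP) * STEP  # constructed clock, aligned to a step


def totp(secret: bytes, t: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", int(t) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, now: float, back_steps: int = 0) -> bool:
    """Verifier that accepts the current step plus `back_steps` earlier steps."""
    return any(hmac.compare_digest(totp(secret, now - i * STEP), code)
               for i in range(back_steps + 1))


def still_valid(shown_after: float, recovery_s: float, back_steps: int) -> bool:
    """Is a code that appeared `shown_after` s into its step still accepted
    once `recovery_s` seconds of on-screen exposure have passed?"""
    shown_at = STEP_START + shown_after
    return verify(SECRET, totp(SECRET, shown_at), shown_at + recovery_s, back_steps)


def exposure(shown_after: float, back_steps: int) -> dict:
    """Per-device answer for one display offset and one verifier setting."""
    return {dev: still_valid(shown_after, s, back_steps)
            for dev, s in RECOVERY_S.items()}


if __name__ == "__main__":
    for shown_after, back_steps in [(0, 0), (10, 0), (10, 1)]:
        print(shown_after, back_steps, exposure(shown_after, back_steps))
```

A code shown 10 s into its step outlives only the shortest quoted time under a strict verifier, but every quoted time once the verifier also accepts the previous step, so skew tolerance and the time a code stays on screen both widen the exposure.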

What data can be exposed

In addition to authentication codes (Google Authenticator), the researchers demonstrated the recovery of information from services such as Gmail and Google accounts, messaging apps such as Signal, financial platforms such as Venmo and location data from Google Maps, among others.

They also warn about data that stays on screen for longer periods, such as wallet recovery phrases or one-time keys; however, items that are stored but not visible (for example, a secret key that is never displayed) are beyond the reach of Pixnapping.

Google's response and patch status

The findings were reported to Google in advance, which rated the issue as high severity and published an initial mitigation associated with CVE-2025-48561. However, the researchers found bypass methods, so an additional patch has been promised in the December bulletin, and coordination with Google and Samsung is ongoing.

The current situation suggests that a definitive fix will require revisiting how Android handles rendering and overlays between apps, since the attack exploits precisely those internal mechanisms.

Recommended mitigation measures

For end users, it is advisable to reduce the exposure of sensitive data on screen and to choose authentication that resists phishing and side channels, such as FIDO2/WebAuthn with security keys, avoiding exclusive reliance on TOTP codes whenever possible.

  • Keep your device up to date and apply security bulletins as soon as they are available.
  • Avoid installing apps from unverified sources and review permissions and anomalous behaviour.
  • Do not leave recovery phrases or credentials visible; prefer hardware wallets to protect keys.
  • Lock the screen quickly and limit previews of sensitive content.

For product and development teams, it is time to review authentication flows and reduce the exposure surface: minimise secret text on screen, enable additional protections in critical views, and evaluate the move to codeless, hardware-based methods.

Although the attack requires the information to be visible, its ability to operate without permissions and in under half a minute makes it a serious threat: a side-channel technique that takes advantage of GPU rendering times to read what you see on screen, with partial mitigations today and a deeper fix still pending.