Google launched the Google Pixel smartphones last month and they are pretty much the best of what Android as an ecosystem has to offer. Well, since the software is the best of Android, you may think that they could be good or at least commendable when it comes to security. But it looks like they are not. Yes, if your smartphone gets hacked within 60 seconds, would you call it a secure device? Not in my dictionary at least. Well, yes, that’s the case here with the Google Pixel.
At the PwnFest hacking competition which was held yesterday in Seoul, a white-hat hacker group, called Qihoo 360 demonstrated an interesting hack. It was targetted towards the so called best of Android software running Google Pixel handset. And guess what? They successfully hacked the device within 60 seconds and filled their pockets with a cash prize of $120,000. And yes, they also gave a lot of work to Google’s security experts.
The Qihoo 360 team demonstrated an exploit that allowed for remote code execution on the Pixel. They used a zero vulnerability to remotely install the code onto the device. Now if you ask how severe is this hack? Well, if someone is able to remotely access your device, then i would say it is a matter of concern. The exploit which they demonstrated, launched the Google Play Store after that the Google’s mobile version of the Chrome web browser and then a message which reads “Pwned by 360 Alpha Team.”
Although they didn’t do anything with the device, it was indeed quite clear that the attacker can have full access to the device along with the full list of permissions. This means that all your user data including the contacts, messages, emails, multimedia files and everything else which you want to keep to yourself can go out in the wild for everyone to know. If this isn’t scary enough, then probably you should not worry about it then. But it is definitely worth noting that this group of hackers came out of the event with a total of $520,000 cash prize since they demonstrated other vulnerabilities in Microsoft Edge on Windows 10 and one in Adobe Flash.
On the other hand, if this scares you, then there is a good news for you. Since these are a bunch of white-hat hackers, they make money by selling such information about the vulnerabilities to the responsible and the concerned parties. And in this case, the responsible party is Google. And we are pretty sure that by this time, they are already working on a patch for the same or if not, we at least hope that they will start working one soon. We don’t have any word from Google on this as of now, hence we suggest you stay tuned for more info.