The scary vulnerability of Google’s new Pixel smartphones could compromise your data.
Google’s new Pixel and Pixel XL smartphones have been getting rave reviews from critics and users alike. Competing in the high-end segment, these smartphones give iPhone a run for their money. And while Google claims the smartphones to be as secure as iPhones, a team of Chinese hackers were successfully able to hack the Pixel smartphone in less than 60 seconds.
At the PwnFest 2016 hacking competition in Seoul, a team called White-Hat hackers from Qihoo 360 demonstrated the ability of achieving remote code execution to gain control of the Google Pixel smartphone. To obtain remote code execution (RCE), the team demonstrated a proof-of-concept exploit that uses a zero-day vulnerability, TheRegister reports. The exploit allows for easy installation of malicious code on Pixel and Pixel XL smartphones. The hackers managed to launch the Play Store before opening a web page on Chrome that read “Pwned By 360 Alpha Team,” and won a cash prize of $120,000.
This is not the first time the Google Pixel smartphone has been hacked. At the Mobile Pwn2Own event in Japan, Keen Team of Tencent had discovered a zero-day exploit on Pixel, giving them an access to the smartphone’s data. Google has already been informed about the vulnerabilities and a fix for the same is expected as a part of security update patch next month. ALSO READ: Another high-risk Android vulnerability discovered, Google publishes a fix
The above video demonstrates how the attackers managed to hack the smartphone. They had a rogue app running in the background, giving them full list of required permissions. The exploit leaves all your data, including contacts, songs, videos, music and communication channels open for the attacker to see. ALSO READ: Google’s full-disk encryption flaw could put millions of Android users at risk
The team was able to successfully breach Adobe Flash using a combination of a decade-old, vulnerability and once again won cash prize of $120,000. Pangu Team, on the other hand, was able to fetch $80,000 for breaking through Safari on MacOS Sierra using privilege escalation vulnerability. It roughly took 29 seconds for the team to break past the restrictions. ALSO READ: How to root Google Pixel and Pixel XL in 5 steps
Apple’s iOS is closed source, which makes it a little difficult for hackers to break through restrictions. However, in case of Android, its open source design and over the top customizations make it far more vulnerable to hacking. Earlier this year, we have already come across QuadRooter vulnerability that had put about 1 billion Qualcomm-powered Android smartphones at risk. The security flaw gives attackers an unrestricted access to all the sensitive personal data stored on your smartphones. ALSO READ: QuadRooter vulnerability puts nearly 1 billion Qualcomm-powered Android smartphones at risk: Report
There was yet another Android vulnerability related to Google’s full-disk encryption that allows one to easily hack encrypted smartphones that are powered by Qualcomm chipsets. The best way to ensure that your smartphone remains safe from malware and other such attacks, it is recommended to download and install the updates whenever available. Also, when an app asks you for permission, be very careful before granting them. For instance, a third-party camera app doesn’t need to access your contacts or text messages. We would also recommend to avoid side-loading apps using APK files.