Google’s new smartphone, which runs the latest Android 7.0 Nougat operating system, got hacked by a team of hackers in less than 60 seconds.
At a security conference in Seoul, a group of white-hat hackers known as Qihoo 360 demonstrated an exploit that allowed for remote code execution on the Pixel. They reportedly used a zero-day vulnerability to remotely install code on Google’s much sought after device. Qihoo 360 gets a $120,000 cash prize for their of hack.
Hackers also showed how they could compromise all aspects of the phone including contacts, photos, messages and phone calls respectively.
According to reports, the team launched Google Play Store and then Google’s mobile version of Chrome on the device using the exploit before displaying a message that read ‘Pwned by 360 Alpha Team’.
Sadly, this is the second time the handset has been shown to be vulnerable to remote code execution. Earlier, a report pointed out that Android Nougat actually makes it easier to brute force encryption passwords than previous versions of the platform. Google is now working on a patch for both these issues.
The team of hackers also won another $120,000 for breaching Flash in less than 4 seconds while the Pangu Team nabbed $80,000 for breaking through Safari running on MacOS Sierra with a privilege escalation vulnerability that took 20 seconds.
With this level of apparent vulnerability for even the most high end devices, it pays to remember: always keep your devices updated and patched with the latest updates.
The team also demonstrated how to compromise all of the Google Pixel phone feature, including the contacts book, photos, messages and phone calls.
Thankfully, for any concerned Pixel phone owners, these exploits will soon be closed by Google.
But this is not the first time Google Pixel has been successfully cracked by white hat hackers. Chinese hacking group, Keen Team of Tencent – a rival of Qihoo 360, discovered a zero-day vulnerability during the Mobile Pwn2Own event in Japan.
While the hackers didn’t disclose the exact vulnerability, they gained ‘remote code execution’ to display “Pwned By 360 Alpha Team” on the Chrome browser. However the report adds, Google has already patched the vulnerability that allowed the hackers to take control of the Chrome browser. The patch has already been released in a new stable build.
‘Qihoo 360’ team managed to win a total of $ $520,000 in prize money as it also managed to hack into Adobe Flash in just four seconds. Interestingly Qihoo 360 is not the first team to hack into the Google Pixel smartphone.