Google’s latest smartphone Pixel was hacked in less than 60 seconds by Chinese hackers at the 2016 PwnFest, casting huge doubts on the overall security of the device.
The 2016 edition of PwnFest in Seoul witnessed a team of Chinese hackers hack into Google’s Pixel smartphone in less than 60 seconds. The team used a new zero-day vulnerability which they were demonstrating. Unfortunately for Google, they chose their newest smartphone to demonstrate the seriousness of the vulnerability.
The white-hat hackers operating as ‘Qihoo 360’ successfully hacked into the Google Pixel smartphone in Seoul on Friday. They unpatched and undisclosed exploit was used to break into the smartphone in less than sixty seconds. It allowed the hackers to install malicious code and run remote commands on the smartphone with surprising ease.
They showed their proficiency and displayed the glaring hole in Google’s security framework by launching Google Chrome and showing a web page that read the message ‘Pwned by 360 Alpha Team’.
The white-hat hackers opened the Google Play Store after this, followed by showing to everyone present in the premises that they could access everything on the device like contacts, photos, messages, applications, phone calls, etc. So the hack was not only fast but also severely dangerous from Google’s point of view.
In their defence, it wasn’t like Google had been parading around the world saying that their Pixel smartphone is hack-proof, but being hacked into in such manner is surely a big blot on their reputation.
But Google knew that their newest creation in the smartphone segment is far from hack-proof, for another team of hackers, in the Mobile Pwn2Pwn event in Japan, going by the name Keen Team of Tescent was able to use a zero-day exploit to get their hands on the phone data in Google Pixel smartphone.
Both of these exploits have been reported to Google, who no doubt are working as hard as possible to fix them as soon as possible. As for Qihoo 360, they were able to rake up a cash prize of $120,000 at the expense of Google.
The team also exposed zero-day vulnerabilities in Flash Player and Microsoft’s Edge browser which could be exploited using a zero-day vulnerability that has been around for more than ten years. All in all, Qihoo 360 amassed $520,000 in cash prizes at the event in Seoul.