Google Pixel & Pixel XL News & Updates: Two Security Flaws Revealed by Hackers In One Month
Although the Google Pixel and Pixel XL phones were previously claimed to be as secure as iPhones, a group of Chinese hackers easily hacked the device in one minute. The Google Pixel smartphone's security was tested during the PwnFest hacking competition in Seoul, South Korea on Nov. 11, 2016.
Motherboard reported that previously, Adrian Ludwig, director of Android security at Google, claimed that the Google Pixel was just as secure as iPhones. Ludwig said that for almost all threat models, the Google Pixel and Pixel XL and iPhone are almost identical in terms of their platform-level capabilities.
The Register revealed that Ludwig was proven wrong, however, by a group of white hat hackers from China, who quickly hacked a Google Pixel at the hacking contest in Seoul. The hackers, who work at security solutions firm Qihoo 360, unveiled an exploit that caused the breach and provided them with full remote access and entry to personal information stored in the Google Pixel.
The exploit started the Google Play store and then opened Chrome to display a web page that read, "PwnedBy 360 Alpha Team." The hackers were awarded $120,000 for the Google Pixel feat.
Aside from the Google Pixel, a number of app exploits were also revealed during the hacking competition. Qihoo 360 also hacked Adobe Flash quickly, showing a combination decade-old, use-after-free zero day and win32k kernel fault. The hack only took four seconds.
The updated Safari browser of Apple running on MacOS Sierra was also compromised by Pangu team hackers. The group is well-known for featuring free modern iOS jailbreaks. The team earned $80,000 for using a root privilege escalation zero day to attack Safari in 20 seconds. At the end of the day, Qihoo 360 raked in a cash prize of $520,000.
In October 2016, rival white hat hackers at Keen Team ofTencent were also able to hack the Google Pixel at the Mobile Pwn2Own event in Japan. Google allegedly worked immediately to fix the revealed exploits on the Google Pixel.
The Chrome bug was reportedly patched within 24 hours of the contest and the changes have already been provided into the stable branch by the Chrome team. More updates and details on Google Pixel and Google Pixel XL are expected soon.