If you own a Google Pixel, this news may startle you initially. At the PwnFest 2016 event in Seoul a couple of days back, a white-hat hacker group named Qihoo 360 demonstrated a Google Pixel hack. The team hacked the Google Pixel phone in just a minute at the hacking competition and won a cash prize of $120,000!
While that’s really impressive if you look at it with a developer’s point of view, what this means is that Google needs to patch a lot of security vulnerabilities in its new Pixel handset and in Android Nougat. It is being said that both the Pixel and the Pixel XL are vulnerable to the new hack, which is being called as a zero-day vulnerability. It’s a hole in the security of the new phones and it is present in the initial OS that shipped with the devices. And if we are correct, Google hasn’t released any security patches for the new HTC-made phones.
The hack is pretty severe and the hacker group did it by a process called remote code execution. The attack was triggered by a special message received on the device. The Pixel phone, after receiving the message, automatically opened up the Play Store and also the Google Chrome app. The Chrome app displayed a note: “Pwned by 360 Alpha Team”.
You can clearly see in the video below that the attacker’s side got full access to the phone’s permissions list with an app install in the background. This basically means that all your data, including contacts and multimedia, gets exposed and you are at the mercy of the hacker thereafter. Scary, isn’t it? Shouldn’t you be concerned?
Not really. As we already said, Qihoo 360 is a white-hat hacker group, and these kinds of hackers earn money by selling all the information about the vulnerabilities to the responsible party. In this case, the hackers will hand over all the data to Google, which will give the company enough time to fill in the loopholes and release security patches to fix all the vulnerabilities. The hack is in safe hands now.
Just so you know, the talented Qihoo 360 team won around $520,000 in total at PwnFest 2016. They also demonstrated an Adobe Flash hack and a Microsoft Edge vulnerability in Windows 10. Well, at least these are responsible and ethical hackers. Thank goodness for that!