Google’s new Pixel smartphone hacked at PwnFest 2016 in less than a minute
Chinese hackers has hacked the recently launched Google Pixel smartphone in less than 60 seconds at The PwnFest 2016 event in Seoul. A team called White-Hat hackers from Qihoo 360 was able to demonstrate the ability to achieve remote code execution to win the cash prize of $120,000 for hacking the Pixel.
In order to get the remote code execution (RCE) on the smartphone, the team first showed a proof-of-concept exploit which used a zero-day vulnerability. The exploit allowed the intruders to install malicious code on Google’s new own-brand smartphones without any difficulty.
Qihoo 360 used the vulnerability to launch the Google Play Store before opening Chrome and displaying a web page with the message “Pwned By 360 Alpha Team”. The team then went on to hack the Adobe Flash with a combination of a decade-old, vulnerability method and won cash prize of $120,000 again.
This is not the first time that a hacker team has reported security vulnerabilities of the Google Pixel. Prior to Qihoo, Keen Team of Tencent discovered and used a zero-day exploit to get into the smartphone data at the Mobile Pwn2Own event in Japan. Google has been informed about both the vulnerabilities, which is most likely to be fixed via monthly security update patches.
Further, besides Pixel and Adobe Flash, Microsoft Edge in Windows 10 was also hacked in PwnFest hacking competition. The concerned companies are said to be notified about the exploits so that they could repair the vulnerabilities.
PwnFest is a bug pwning ‘festival’ for better security organized by POC with the help of sponsors, vendors, and judges in 2016.