Google’s new flagship smartphone, which runs the latest Android 7.0 Nougat operating system, supposedly succumbed to a team of hackers in less than 60 seconds.
At a security conference in Seoul, a group of white-hat hackers known as Qihoo 360 demonstrated an exploit that allowed for remote code execution on the Pixel. They reportedly used a zero-day vulnerability to remotely install code on Google’s much sought after device. Qihoo 360 also took home a $120,000 cash prize for the hack for their effort.
Hackers also showed how they could compromise all aspects of the phone including contacts, photos, messages and phone calls respectively.
According to reports, the team launched Google Play Store and then Google’s mobile version of Chrome on the device using the exploit before displaying a message that read ‘Pwned by 360 Alpha Team’.
Sadly, this is the second time the handset has been shown to be vulnerable to remote code execution. Earlier, a report pointed out that Android Nougat actually makes it easier to brute force encryption passwords than previous versions of the platform. Google is now working on a patch for both these issues.
The team of hackers also won another $120,000 for breaching Flash in less than 4 seconds while the Pangu Team nabbed $80,000 for breaking through Safari running on MacOS Sierra with a privilege escalation vulnerability that took 20 seconds.
With this level of apparent vulnerability for even the most high end devices, it pays to remember: always keep your devices updated and patched with the latest updates.
