The PwnFest hacking competition that took place in Seoul gathered the most skilled hackers and a group called Qihoo 360 won the $120,000 cash prize for successfully breaking into Google’s Pixel handset using a zero-day vulnerability. Google will need to bring a patch fast, to fix this vulnerability as soon as possible.
Qihoo 360 found a hole in Google’s Pixel and it seems that’s it’s also present in the XL version of the flagship. Google didn’t know about it, so it shipped its devices before remediating the issue. The hackers have demonstrated the severity of this vulnerability using remote code execution. A special message was sent to the device and hackers clicked on it, triggering the attack. The Google Play Store and Google Chrome were opened and the latter showed a message reading “Pwned by 360 Alpha Team”.
The attackers accessed the phone’s full list of permissions, as it was shown in the video, thanks to a rogue app install, leaving all data, such as multimedia, contacts and communication channels open to any form of exploitation. Thankfully, Qihoo 360 is a group of white-hat hackers and they don’t intend to do any harm, but they make money from selling information about vulnerabilities they find. These hackers have also found vulnerabilities in Microsoft Edge and Adobe Flash and for demonstrating the vulnerability in the Pixel, they’ve won $520,000 at the event.
Google’s new Pixels were released with battery problems and a Band 4 connectivity issue and they’re also missing some of the ambient notification tools that were introduced in the Nexus 6. In order to fill in the gap, a developer has released Ambi-Turner, which enables the ambient notification screen every time the device is taken out of the pocket or flipped over. There are many users who don’t like hitting the power button or the fingerprint scanner to see their current notifications and this free version of the application takes care of this problem.