The Google Pixel, a device that is being considered as possibly the best Android smartphone to date, has just been hacked by Chinese team in less than 60 seconds.
The feat was achieved by white hat hackers from security solutions company Qihoo 360 at PwnFest, a hacking competition held in Seoul, South Korea.
The Google Pixel Hack
At PwnFest, Qihoo 360 demonstrated an exploit that gave the team access for remote code execution on the Google Pixel. Using a zero-day vulnerability, the team hacked the smartphone in less than 60 seconds, allowing them to remotely install code on the smartphone.
The exploit allowed Qihoo 360 to launch the Google Play Store and the mobile version of the Google Chrome browser, with a message that read "Pwned by 360 Alpha Team" displayed on the Google Pixel afterwards.
The hackers were also able to gain full remote access to the smartphone, allowing them to access all the personal information stored in the device, including messages, contacts, phone calls and content such as photos.
Are Google Pixel Owners Safe?
Fortunately, as the Qihoo 360 team is made up of white hat hackers, they were not interested in using the exploit for criminal applications. They did come away with a cash prize of $120,000 though, after their demonstration of the hack.
The team has also sent over the details of the Google Pixel vulnerability to Google, with the company now working on a patch that will protect owners of the smartphone from the security issue.
Google Pixel Security Issues
Early this month, Android director of security Adrian Ludwig said that the Google Pixel and the iPhone of rival Apple are on the same level when it comes to security, a bold claim considering that Android is far more vulnerable to hacking due to its open source nature and various customizations.
However, last month at the Mobile Pwn2Own event in Japan, Tencent's Keen Labs were also able to breach the security of the smartphone. The software of the Google Pixel itself even carries its own vulnerability, as the Trusted Voice feature that allows users to unlock the smartphone through a voice command is enabled by default, despite its many potential security concerns.
Other Hacking Victims At PwnFest
PwnFest saw the security measures of many other devices and software fall in attacks launched by white hat hackers. Among the victims are Apple's updated Safari on MacOS Sierra, Adobe Flash, Microsoft Edge and VMWare Workstation.
Qihoo 360 walked away from the event with a total of $520,000 in prizes.