November 14, 2016

pixel-safari-edgewindows-10-1

 

 

Google’s new Pixel smartphone was reportedly hacked by a Chinese team in just 60 seconds.

 

At PwnFest, a hacking competition in Seoul on Friday (11 November), a team of white-hat hackers called Qihoo 360 cracked Google’s new handset and won $120,000 (£95,670) in cash. The hackers took advantage of a vulnerability to gain remote code execution that is undisclosed.

 

The exploit launched the Google Play store before opening Chrome and displaying a web page reading “Pwned By 360 Alpha Team”.

 

Google said the Chrome bug that Keen Team found was patched within 24 hours of the event and the changes have already been released into the stable branch by the Chrome team.

 

It was the second time in as many weeks that the Pixel has been compromised.

 

Chinese hacking group, Keen Team of Tencent, a rival of Qihoo 360, discovered a zero-day vulnerability at the Mobile Pwn2Own event in Japan. The vulnerability is yet to be patched. Thankfully, these exploits have been found in hacking events, instead of being used in the wild by attackers.
While these exploits suggest Pixel phones are vulnerable to attackers, earlier this month Adrian Ludwig, the director of security at Android, told Motherboard that the Google Pixel and the iPhone are equal when it comes to security. Ludwig said Android would be soon better though. “In the long term, the open ecosystem of Android is going to put it in a much better place,” he said.

 

 
Apple’s updated Safari browser running on MacOS Sierra also fell. Respected Chinese hacker outfit Pangu Team renowned for releasing million-dollar persistent modern iOS jailbreaks for free, along with hacker JH, blasted Cupertino’s web browser with a root privilege escalation zero day that took 20 seconds to run, earning the team $80,000.
Qihoo 360 also breached Adobe Flash with a flick of the finger, digging up a combination decade-old, use-after-free zero day and a win32k kernel flaw to score $120,000.

 

It took four seconds for Flash to fall.

 

The hacks conclude the PwnFest whitewash, which saw Microsoft Edge hacked and the first-ever zero day exploits against VMWare Workstation on Thursday.

 

Qihoo 360 hackers walked away with $520,000 in prize money.

Share