Would you believe it? Google’s new flagship smartphone Pixel has been hacked by a Chinese team at in under 60 seconds.
At PwnFest, a hacking competition in Seoul, South Korea, a team of white-hat hackers named as Qihoo 360 demonstrated an exploit that potentially allowed for remote code execution on the Pixel. In under 60 seconds, the team used a zero-day vulnerability to remotely install code on Google’s sought after device and won a cash-prize.
The exploit launched Google Play Store and then Google’s mobile version of Chrome before displaying a messaged that read “Pwned by 360 Alpha Team.”
Qihoo 360 team won a cash prize of $120,000 for the Pixel’s hack and sent Google to the drawing board in trying to figure out how to patch it.
It was not the first time in last many weeks that the Pixel has been compromised. The first still-unpatched zero day was developed by Qihoo 360 competitor Keen Team of Tencent at the Mobile Pwn2Own event in Japan.
Hackers there showcased the exploit at the PwnFest hacking event in Seoul today showing how they could compromise all aspects of the phone including contacts, photos, messages, and phone calls.
All told, the team walked away with $520,000 in cash prizes after demonstrating additional vulnerabilities in Microsoft Edge on Windows 10, and a decade-old exploit that inexplicably still works on Adobe Flash.
It may not be a good news for the Pixel but at least it doesn’t catch fire yet.
Google Pixel pwned in 60 seconds on The Register