Google Pixel gets hacked in sixty seconds at Pwnfest

305

A team of Chinese hackers hacked the Google Pixel alongside Apple Safari and Adobe Flash at the PwnFest hacking competition in Seoul on Friday.

Google’s latest offering was smashed by white-hat hackers from Qihoo 360, who demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone.

The exploit then launched the Google Play store before opening Chrome and displaying a web page reading “Pwned By 360 Alpha Team”.

This won them a nice $120,000 cash prize and Google will now work to patch the vulnerability.

It was the second time in as many weeks that the Pixel has been compromised.

The first still-unpatched zero day was developed by Qihoo 360 rival Keen Team of Tencent at the Mobile Pwn2Own event in Japan.

Hackers there showcased the exploit at the PwnFest hacking event in Seoul today showing how they could compromise all aspects of the phone including contacts, photos, messages, and phone calls.

Apple’s updated Safari browser running on MacOS Sierra also fell. Respected Chinese hacker outfit Pangu Team renowned for releasing million-dollar persistent modern iOS jailbreaks for free, along with hacker JH, blasted Cupertino’s web browser with a root privilege escalation zero day that took 20 seconds to run, earning the team $80,000.

Qihoo 360 also breached Adobe Flash with a flick of the finger, digging up a combination decade-old, use-after-free zero day and a win32k kernel flaw to score $120,000.

It took four seconds for Flash to fall.

The hacks conclude the PwnFest whitewash, which saw Microsoft Edge hacked and the first-ever zero day exploits against VMWare Workstation on Thursday.

Qihoo 360 hackers walked away with a total of $520,000 in prize money.

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking Agree, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies are necessary for the website to function and enable essential services and functonality, including identify verification, service continuity and site security. Opt out is not availabe.

Essential Session management cookies for logged in users
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

For perfomance reasons we use Cloudflare as a CDN network. This saves a cookie "__cfduid" to apply security settings on a per-client basis. This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.
  • __cfduid

Used by Spamshield to stop spam signups
  • _wpss_h_
  • _wpss_p_

NewsWire Service
  • BIGipServerwidget2_www_http

Decline all Services
Accept all Services