The Google Pixel smartphone has only been available for a few weeks, but a remote code execution vulnerability has already been discovered by a Chinese hacking team. Thankfully, the exploit was discovered as part of the annual PwnFest hacking event, rather than in the wild.
The Qihoo 360 team used an unrevealed exploit to open the Google Play Store, and then opened the Chrome browser to show a web page that stated “Pwned By 360 Alpha Team”. The Chinese hackers won $120,000 for their efforts.
This is actually the second time the Google Pixel has been cracked by hackers during such an event. Last week, Keen Team of Tencent discovered and used a zero-day exploit to get into the smartphone at the Mobile Pwn2Own event in Japan.
Both of these vulnerabilities will be sent to Google so they can be fixed in upcoming patches for the Pixel. Again, owners of the smartphone should be grateful that these exploits were found during hacking events, rather than found by malicious hackers performing these remote code attacks in the wild.
The PwnFest event also saw Apple’s Safari and Microsoft’s Edge browsers get successfully hacked by teams, and Qihoo 360 even used a vulnerability in Adobe Flash that had been there for 10 years to perform a remote hack.