Google’s new flagship device, the Pixel, was hacked by a group of white hat hackers from Qihoo 360 in less than a minute. The hack happened at PwnFest, an annual hacking competition held in Seoul, South Korea. The hackers ran a remote code execution in the smartphone via zero-day vulnerability, and gained ‘remote code execution’ to display “Pwned By 360 Alpha Team” on the device's Chrome browser. The Qihoo 360 team also managed to hack into Adobe Flash and Apple Safari, and won $520,000 in prize money.
https://twitter.com/vangelis_at_POC/status/796974873822130176
The hackers have not made the vulnerability public. Instead it will be revealed to Google, which can be expected to fix it in the next series of updates.
This is not the first time that the Pixel's vulnerabilities have been exposed. Only last week a team from Tencent used a zero-day vunerability to hack into the smartphone at the Mobile Pwn2Own fest in Japan. Members of the team demonstrated that they could compromise several important aspects of the smartphone such as contacts, photos, messages, and phone calls. The Register quoted sources at Google who stated that the Chrome bug revealed by the team was patched within 24 hours of its discovery and changes have already been released to users.
During the PwnFest, other teams that demonstrated how information such as browsing data, phone contacts and card details could be extracted from devices. A team of Chinese hackers, called the Pangu Team breached Apple's Safari browser running on MacOS 20 Seirra in just 20 seconds. This feat earned them a $80,000 cash prize.