A group of white hackers from Chinese search engine giant Qihoo 360 managed to breach Google’s latest flagship smartphone Pixel’s security armour.
At the PwnFest, the hackers used a non-descript or rather unknown zero-day vulnerability to gain remote access to the smartphone and managed to win $120,000 in cash.
A zero day vulnerability refers to a hole in a software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.
Taking advantage of the vulnerability, the hackers installed an unwarranted code on the Pixel. They then used the exploit to open the Play Store and the mobile version of the Chrome browser.
Once the team had opened the Chrome browser, instead of the Google homepage, a message read “pwned by 360 Alpha team”.
Further, the remote access exposed all user data — contacts, messages, emails, photos, videos and credit/debit card details — to the hackers.
The hackers also went on to crack Adobe Flash in a matter of seconds, by using a combination of exploits. Reportedly, Flash was breached in four seconds flat, earning them cash prize of $120,000 ) more. The company even demonstrated Microsoft Edge vulnerabilities on Windows 10. All in all, the team earned $520,000 as prize money.
The event also saw many other teams also showcased how they could breach many aspects of phones and PCs – be it browsing data, phone contacts, card details and more.
Another hackers’ team from China called Pangu managed to breach the Safari browser running on macOS Sierra in a matter of 20 seconds earning them a cash award of $80,000