Google Pixel pwned in 60 seconds

Chinese teams kill Safari, laugh at four-second Flash hack


Power of Community The Google Pixel fell to a team of Chinese hackers alongside Apple Safari and Adobe Flash at the PwnFest hacking competition in Seoul on Friday.

Mountain View's latest offering was smashed by white-hat friendlies from Qihoo 360, who used an undisclosed vulnerability to gain remote code execution for a $120,000 cash prize.

The exploit launched the Google Play store before opening Chrome and displaying a web page reading "Pwned By 360 Alpha Team".

Google said the Chrome bug that Keen Team found was patched within 24 hours of the event and the changes have already been released into the stable branch by the Chrome team.

It was the second time in as many weeks that the Pixel has been compromised.

The Pixel, pwned

The first still-unpatched zero day was developed by Qihoo 360 rival Keen Team of Tencent at the Mobile Pwn2Own event in Japan.

Hackers there showcased the exploit at the PwnFest hacking event in Seoul today, showing how they could compromise all aspects of the phone, including contacts, photos, messages, and phone calls.


Apple's updated Safari browser running on macOS Sierra also fell. Respected Chinese hacker outfit Pangu Team, renowned for releasing million-dollar persistent modern iOS jailbreaks for free, along with hacker JH, blasted Cupertino's web browser with a root privilege escalation zero day that took 20 seconds to run, earning the team $80,000.

Qihoo 360 also breached Adobe Flash with a flick of the finger, digging up a combination of a decade-old use-after-free zero day and a win32k kernel flaw to score $120,000.

It took four seconds for Flash to fall.

The hacks conclude the PwnFest whitewash, which saw Microsoft Edge hacked and the first-ever zero day exploits against VMware Workstation on Thursday.

Qihoo 360 hackers walked away with $520,000 in prize money. ®

