Google's new Pixel smartphone was reportedly hacked by a Chinese team in just 60 seconds.
At PwnFest, a hacking competition in Seoul on Friday (11 November), a team of white-hat hackers called Qihoo 360 cracked Google's new handset and won $120,000 (£95,670) in cash. The hackers took advantage of a vulnerability to gain remote code execution that is undisclosed.
The exploit launched Google Play Store before opening Chrome and displayed a web page that reads "Pwned By 360 Alpha Team", according to a report by the Register.
This is not the first time the Pixel phone has been hacked. Chinese hacking group, Keen Team of Tencent, a rival of Qihoo 360, discovered a zero-day vulnerability at the Mobile Pwn2Own event in Japan. The vulnerability is yet to be patched. Thankfully, these exploits have been found in hacking events, instead of being used in the wild by attackers.
Google said the Chrome bug the Keen team discovered was patched within 24 hours of the event and updates have been released.
The Qihoo 360 team at the PwnFest hacking event demonstrated how they could compromise all the features of the Pixel phone including contacts, photos, messages and phone calls.
Not only the Pixel phone, the hackers also successfully hacked Apple's updated Safari browser running on MacOS Sierra in just 20 seconds. They gained a root privilege to the app.
The team also breached Adobe Flash using a decade-old exploit. The hackers took only four seconds to hack Flash. The team walked away with total $520,000 in prize money after hacking Microsoft's Edge browser as well.
While these exploits suggest Pixel phones are vulnerable to attackers, earlier this month Adrian Ludwig, the director of security at Android, told Motherboard that the Google Pixel and the iPhone are equal when it comes to security. Ludwig said Android would be soon better though. "In the long term, the open ecosystem of Android is going to put it in a much better place," he said.