Google Pixel has been hacked by a group of Chinese hackers, while Apple Safari and Adobe Flash have dropped next to it in a PwnFest hacking competition held in Seoul on Friday.
Mountain View's latest device offering was hacked by a white-hat from Chinese company Qihoo 360, who used an unknown vulnerability to achieve remote code execution winning $120.000 in prize money.
Το exploit ανοίγει το Google Play store πριν τρέξει ο Chrome and displays a webpage that says: “Pwned By 360 Alpha Team”.
Google is now trying to develop a patch that fixes vulnerability.
Let's mention that it is the second time in two εβδομάδες που παραβιάζεται η ασφάλεια του Pixel. Την πρώτη φορά (το zero-day είναι ακόμη unpatched) το exploit αναπτύχθηκε από την αντίπαλη ομάδα της Qihoo 360, την Keen της Tencent και έγινε δημόσια στην εκδήλωση Mobile Pwn2Own στην Ιαπωνία.
After hacking in Google Pixel they were in a different order:
Apple's Safari now fully updated on MacOS Sierra δεν φάνηκε και πολύ τυχερό.Οι επίσης Κινέζοι hackers της Pangu μια ομάδα που είναι γνωστή για την κυκλοφορία εργαλείων για jailbreak του iOS μαζί με τον hacker JH, παραβίασαν το πρόγραμμα περιήγησης του Cupertino χρησιμοποιώντας ένα zero day που τους έδινε root πρόσβαση. Για το hack χρειάστηκαν 20 δευτερόλεπτα και κέρδισαν 80.000 δολάρια.
The Qihoo 360 team also infringed Adobe Flash (using a finger) using a zero-day discovery that was discovered ten years ago and a vulnerability of Win32k. They won another 120.000 dollars, and it took four seconds.
Another notable hack of PwnFest was in Microsoft Edge and a zero day exploit against the VMWare Workstation, which was released on Thursday.
Qihoo 360 hackers left with 520.000 dollars in prize money from the event.