The Google Pixel is done hacked by a group of Chinese hackers while Apple Safari and classic Adobe Flash fell next to it in a hacking contest PwnFest held in Seoul on Friday.
The last offer of Mountain View device was violated by a white-hat of the Chinese company Qihoo 360, who used an unknown vulnerability to manage remote code execution by winning 120.000 dollars as a cash prize.
The exploit opens the Google Play store before Chrome runs and displays a webpage that reads: "Pwned By 360 Alpha Team".
Google is now trying to develop a patch that fixes vulnerability.
Let's say it is the second time in two weeks that Pixel security is breached. The first time (zero-day is still unpatched) exploit was developed by Qihoo 360's rival team, Tencent's Keen, and became public at Mobile Pwn2Own in Japan.
After hacking in Google Pixel they were in a different order:
Apple's Safari now fully updated on macOS Sierra didn't seem too lucky. The also Chinese hackers of Pangu, a group known for releasing tools for jailbreak του iOS μαζί με τον hacker JH, παραβίασαν το πρόγραμμα περιήγησης του Cupertino χρησιμοποιώντας ένα zero day που τους έδινε root πρόσβαση. Για το hack χρειάστηκαν 20 seconds and won $80.000.
The Qihoo 360 team also infringed Adobe Flash (using a finger) using a zero-day discovery that was discovered ten years ago and a vulnerability of Win32k. They won another 120.000 dollars, and it took four seconds.
Another notable PwnFest hack was on Microsoft Edge but also a zero day exploit (the first) against VMWare Workstation presented on Thursday.
Qihoo 360 hackers left with 520.000 dollars in prize money from the event.
