
Yiamastaverna

Trusted News & Timely Insights


Security flaw in Pixel phones could give hackers comprehensive access

  • Cybersecurity firm iVerify has discovered a vulnerability in Google Pixel apps that has existed since 2017 and could affect millions of users.
  • The vulnerability was found in a pre-installed app called Showcase.apk, which was used to enable demo mode in the device for in-store displays.
  • Google has already fixed the vulnerability and says a patch is in preparation.


A serious vulnerability was discovered in a pre-installed Google Pixel app that could affect millions of users. The discovery was made by cybersecurity firm iVerify, which published a full report on it.

The weak point lies in a pre-installed Android app called Showcase.apk, which was developed by Smith Micro. It was used to activate demo mode on in-store display devices.

It was not originally part of the Android firmware, but was later integrated into it at the request of the wireless carrier Verizon.

The app is very powerful and has high system privileges. If compromised, threat actors can use it to execute code remotely or install malicious packages on the device.

However, before this app can be compromised, there must be an entry point. This entry point is provided by the way Showcase.apk communicates with its host.

“The application downloads a configuration file over an insecure connection and can be manipulated to execute system-level code” – iVerify report

Put simply: The app retrieves its configuration file from a single US domain hosted on Amazon Web Services (AWS) over an unsecured HTTP connection. This insecure connection makes the files vulnerable to interception during transmission, thus putting the device at risk.

Google is already working on a solution

The vulnerability is present in many devices shipped since 2017, so the total number of vulnerable users could be in the millions. But the good news is that a fix is already being worked on.

  • Google has addressed the issue and stated that it will release a patch for all “supported Pixel devices on the market” in a few weeks.
  • This does not include the Pixel 9 series. In the test, none of the four models in the series showed this weakness.
  • Verizon was also informed of the vulnerability. Although the company no longer uses the app and has not received any indication of ongoing exploitation, it has nevertheless decided to remove the feature from all devices it supports to provide additional security.
  • Finally, Google also said that this is not a problem with Pixel phones or Android. The problem lies with Smith Micro.
  • Google has therefore decided to notify other Android manufacturers, as this issue can also occur on third-party devices.

The good news: so far there is no indication that the vulnerability was exploited. This is probably because no threat actor is aware of it or the app is not enabled by default.

But now that the news is public, we can just hope that Google’s fix arrives before a malicious actor can exploit the vulnerability.
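Because the risk depends on whether the app is present and enabled, here is an added example (not code from iVerify, Google or the original article) that parses the output of `adb shell pm list packages -f` and `adb shell pm list packages -d` and reports any package backed by Showcase.apk along with its state. The sample listings, the APK path and the package name in them are constructed placeholders, not values from a real device.

```python
"""Check `pm list packages` output for the Showcase.apk package and its state."""

# Constructed sample of `adb shell pm list packages -f` output (not from a real
# device). The package name and paths below are placeholders.
SAMPLE_ALL = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/product/priv-app/Showcase/Showcase.apk=com.example.placeholder.showcase
package:/data/app/~~Qm9ndXM==/com.example.notes-c2FtcGxl==/base.apk=com.example.notes
"""
# Constructed sample of `adb shell pm list packages -d` (disabled packages only).
SAMPLE_DISABLED = """\
package:com.example.placeholder.showcase
"""

def parse_package_files(listing):
    """Map package name -> APK path from `pm list packages -f` output."""
    packages = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Paths under /data/app can contain '=', so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages

def parse_disabled(listing):
    """Set of package names from `pm list packages -d` output."""
    return {l.strip()[len("package:"):] for l in listing.splitlines()
            if l.strip().startswith("package:")}

def find_showcase(all_listing, disabled_listing, apk_name="Showcase.apk"):
    """Return [(package, path, state)] for packages whose APK file is apk_name."""
    disabled = parse_disabled(disabled_listing)
    hits = []
    for name, path in sorted(parse_package_files(all_listing).items()):
        if path.rsplit("/", 1)[-1].lower() == apk_name.lower():
            hits.append((name, path, "disabled" if name in disabled else "enabled"))
    return hits

if __name__ == "__main__":
    for name, path, state in find_showcase(SAMPLE_ALL, SAMPLE_DISABLED):
        print(f"{name}\t{path}\t{state}")
```

On a real device, feed the two functions the captured output of the two `pm list packages` commands instead of the samples.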
