The cybersecurity firm iVerify has unveiled a new report highlighting vulnerabilities in Google Pixel smartphones. It notes that the majority of these phones sold since September 2017 contained software that could be used for surveillance or remote control of user devices.
The vulnerability was discovered after the iVerify EDR scanner flagged an unsecured Android device at Palantir Technologies—a client of iVerify. Following the initiation of a joint investigation by iVerify, Palantir, and Trail of Bits, a hidden Android software package—Showcase.apk—was found on Google Pixel devices. Subsequently, Palantir, a data analytics company, prohibited the use of Android devices across the organization.
According to the iVerify report, the software was developed by Smith Micro Software and appears to have been created for Verizon to display in retail stores. The application was inactive by default and had to be manually enabled.
“When activated, Showcase.apk makes the operating system vulnerable to hackers and susceptible to 'man-in-the-middle' attacks, code injection, and spyware,” the report states. “The impact of this vulnerability is substantial and may lead to data losses totaling billions of dollars.”
A Google representative, Ed Fernandez, stated that this software was designed “for display devices for Verizon in stores and is no longer in use.” He added that Google “sees no evidence of any active exploitation” of this vulnerability.
iVerify informed Google of its findings in early May. The company did not publicly disclose the vulnerability nor release a software update to address the issue. The application is expected to be removed from all Pixel devices “in the coming weeks.”
Source: The Verge
Comments (0)
There are no comments for now