A serious vulnerability has been discovered in Google Pixel smartphones related to the pre-installed software Showcase.apk , which could potentially be used to spy on users. Google plans to fix the problem soon.
Pixel Vulnerability
Security Issue Disclosure
Cybersecurity company iVerify has published an alarming report about a serious vulnerability in Google Pixel smartphones. According to the study, most of these devices sold since the fall of 2017 contained software that could potentially be used to monitor or remotely control users' gadgets.
Detection Process
The issue was discovered after iVerify's EDR system detected an unsecured Android device at Palantir Technologies , which is an iVerify client. A joint investigation by iVerify, Palantir and Trail of Bits discovered a hidden Android software package called Showcase.apk on Google Pixel devices. As a result of this discovery, Palantir, a data analytics company, decided to completely ban the use of Android devices within its organization.
Origin and purpose of the software
According to the iVerify report, the software was developed by Smith Micro Software, presumably for Verizon for demonstration purposes in retail outlets. By default, the program was in an inactive state and required manual activation.
Potential threats
The report notes that when activated, Showcase.apk makes the operating system vulnerable to hacker attacks, including including man-in-the-middle attacks, malware injection and spyware. iVerify experts emphasize that the consequences of this vulnerability can be extremely serious and potentially lead to data leakage amounting to billions of dollars.
Google's response
Google spokesman Ed Fernandez commented on the situation, saying that the software was created exclusively for Verizon demo devices in stores and is currently not in use. He also added that the company does not have evidence of active use of this vulnerability by attackers.
Fixes
iVerify notified Google of its discovery in early May. Despite this, the company did not make information about the vulnerability public and did not release a software update to solve the problem. However, the app is slated to be completely removed from all Pixel devices in the coming weeks.
Glossary
- Google Pixel is a line of smartphones developed by Google
- iVerify - cybersecurity company
- Palantir Technologies - American big data analytics company
- Verizon - one of the largest cellular operators in the US
- Smith Micro Software - software development company
Links
Answers to questions
What vulnerability discovered by iVerify in Google Pixel smartphones?
How was this vulnerability discovered?
Who developed this software and why?
What is Google's response to the discovered vulnerability?
What steps have been taken to resolve this issue?
Hashtags
Save a link to this article
Discussion of the topic – Google Pixel Vulnerability: Millions of Smartphones at Risk Since 2017
iVerify has disclosed a serious vulnerability in Google Pixel smartphones sold since September 2017. The detected problem allows for surveillance and remote control of user devices.
Latest comments
8 comments
Write a comment
Your email address will not be published. Required fields are checked *
Isabella
Wow! I had no idea that my Pixel could have such a vulnerability. 😱 I wonder how this will affect Google's future sales?
Hans
This is a serious security issue. Palantir did the right thing by banning Android devices. But why hasn't Google released an update yet? 🤔
Amelie
Isabella, I think this could be a big hit to Google's reputation. Although they say that this is only for demo devices, it still sounds scary. 😨
Carlos
Guys, don't you think this might be an exaggeration on iVerify's part? They are a cybersecurity company, it is profitable for them to stir up panic. 🤷♂️
Olaf
Oh, these newfangled gadgets! There are always problems with them. In my time, telephones were simple and reliable, and no one was spying on us. Why do we even need these smart phones?
Sophia
Carlos, you may be right, but it's better to be safe. I'm wondering if I should temporarily disable some features on my Pixel? 🤔 Does anyone know how to do this?
Pierre
Olaf, times are changing! 😄 As for security, I think Google will quickly solve this problem. They cannot afford to lose the trust of users.
Marta
I agree with Pierre. Google is usually quick to respond to these things. But still, maybe you should think about switching to an iPhone? 🍎 What do you think?