60-Second Google Pixel Hack Wins $120k Prize

A team of Chinese hackers compromised the security of Google’s new premier smartphone, the Pixel, in less than a minute, earning it members a cash prize of $120,000. The white-hat hacking team, Qihoo 360, exploited a critical vulnerability in the Google Pixel while competing in the 2016 Pwnfest hacking festival in Seoul, South Korea this week, The Register reports.

Qihoo 360 exploited a zero-day vulnerability to implement remote code execution (RCE) on the Pixel. The exploit launched the Google Play Store and opened a Google Chrome tab that read “Pwned by 360 Alpha Team.”

Not content with embarrassing Google, Qihoo 360 also compromised Adobe Flash in about four seconds, using a use-after-free zero-day vulnerability – which is more than ten years old – and a win32k kernel flaw to down the much-maligned software, which bagged the team another $120,000. In total, Qihoo 360 won $520,000 at 2016 Pwnfest.

Qihoo 360 has racked up a number of serious white-hat hacks over the last few years, the most notable being its remote hack of a Tesla Model S electric car, which gave the team control over the locks, horn, and sunroof controls while the car was being driven.

As it did with its Tesla hack, Qihoo 360 will share the details of its Pixel hack with Google in order to help them patch the vulnerability.