Subj : Millions of Pixel phones could be vulnerable to a new cyberattack To : All From : TechnologyDaily Date : Fri Aug 16 2024 02:15:05 Millions of Pixel phones could be vulnerable to a new cyberattack here's what you need to know Date: Fri, 16 Aug 2024 01:00:57 +0000 Description: A cybersecurity company discovered Showcase.APK which can give hackers backdoor access to your Pixel phone. FULL STORY ====================================================================== Cybersecurity firm iVerify recently discovered a serious vulnerability affecting millions of Pixel smartphones worldwide and published their findings in a new report. According to the document , the offending software in question is called Showcase.apk. It was originally developed by third-party company Smith Micro Software for demo devices inside Verizon stores . Employees at these locations would have deep access to a Pixel phones many functions in order to demonstrate how they work to interested customers. Normally, Showcase is dormant; it doesnt do anything. However, it is possible for a skilled-enough hacker to activate it via a backdoor. The APK (Android Package Kit) receives its configuration file from an insecure domain on Amazon Web Services. A bad actor could, theoretically, intercept these connections or impersonate the website and inject a Pixel phone with malware or spyware. Plus, since Showcase has excessive system privileges, its easy for cybercriminals to compromise a target . Whats particularly scary is Showcase has been a part of the Google Pixel ecosystem since September 2017. And the worst part is the average user cannot remove the APK through the standard uninstallation process as it is considered a system-level app. iVerify states only Google can fix this. Fix underway As bad as things may be, there is good news. First, it appears no one, not even the bad actors, knew about the exploit. A Google spokesperson told The Washington Post that they havent seen any attacks that could be attributed to Showcase. They claimed there isnt any evidence of active exploitation and went as far as to suggest such an attack would be unlikely. Google is well aware of the problem. The tech giant told Forbes they are taking action out of an abundance of precaution and planning to roll out a patch to all supported in-market Pixel devices. Dont worry about the Pixel 9 series as none of the four models have Showcase.apk. Verizon has also been made aware of the report. They state that they no longer use the Showcase function, and similarly, the carrier didnt see any evidence of ongoing exploitation. However, like Google, Verizon is removing the function from supporting phones out of an abundance of precaution. Patch availability We reached out to Google for clarification and the same spokesperson from earlier shared similar information although they added that this isn't an Android or Pixel vulnerability. Instead, the tech giant is pointing the finger at Smith Micro. They tell us the patch for Pixel phones is rolling out within the coming week and Google is notifying other Android manufacturers, implying that third-party devices could have the same problem. No word on when third-party Androids will receive their own fix. Presumably, it all be at the behest of the other brands. If you're looking for ways to improve device security, check out TechRadar's seven tips on how to keep your smartphone safe . You might also like Best Pixel phones 2024: these are the Google phones to buy right now Google Wallet now lets you add passports, library cards, and health insurance, thanks to AI Latest Android 15 beta teases a tiny taskbar and less annoying notifications ====================================================================== Link to news story: https://www.techradar.com/computing/software/millions-of-pixel-phones-could-be -vulnerable-to-a-new-cyberattack-heres-what-you-need-to-know --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .