Google Pixel Phones Face Security Vulnerabilities, iVerify Reports

TapTechNews August 16th news, the tech blog iVerify released a blog post yesterday (August 15th), reporting that there are security vulnerabilities in Google's Pixel series of phones, which can be exploited by attackers to remotely execute code, install malicious software, and so on.

Vulnerability Profile

The root cause of this vulnerability is a third-party Android software package named Showcase.apk, developed by SmithMicro and used to help Verizon set the store's phones to retail demo mode.

TapTechNews quoted the media report that this application can not only remotely execute code and install software, but also download configuration files through an unencrypted HTTP network connection, meaning that hackers can hijack Pixel devices through this vulnerability.

Verizon has no longer used Showcase, but the Android version of Google Pixel smartphones still contains this APK.

Impact Range

Google pre-installed this application in several previous Pixel phones, but the newly launched Pixel 9 series phones have removed this application and are therefore not affected.

Fix

Google disclosed this vulnerability message in May this year and has not yet been repaired, but Google said it has planned to remove this application through an update.

iVerify believes that the Showcase application may also be embedded in other Android devices. Google said that just in case, the company is already notifying other Android manufacturers.