Google sold smartphones with dangerous features: Hackers can attack millions of people

The vulnerability of the SHOWCASE application makes almost all Android Pixel devices targets for hacker attacks, giving cybercriminals the opportunity to introduce a harmful code. Google software for some Android phones contains a hidden feature that is dangerous and can be activated for remote control or tracking users. Details reported the edition of The Washington Post.

According to researchers from Iverify, their hidden feature gives them stores selling Pixel and other models to employees, full access so that they can demonstrate how devices work. Google reported in the commentary of The Washington Post that it would release an update to remove this feature from all the supported Pixel devices available on the market, in the future, in the future, Pixel software updates, said Ed Fernandez.

He said that the distributors of other Android phones would also be reported. The function in question is part of the program called Showcase. apk. It is usually inactive, but Iverify experts were able to activate it on their device. They believe that experienced hackers can also turn it on, even at a distance. Showcase. apk cannot be deleted from phones in the usual way.

When the application is active, it downloads the instructions from the site placed on Amazon Web Services and tries to connect to the unprotected web address, which starts with "HTTP" instead of the safer "HTTPS". Hackers can intercept the signal and make themselves for this site by sending the spy software instead of the instructions.

The application downloads the configuration file through an unprotected connection and can be manipulated to execute the code at the system level, they say in iverify. The vulnerability of this application makes millions of Android Pixel devices targets for hacker attacks, giving cybercrime an opportunity to introduce a harmful code. Ed Fernandez stated that the company did not notice any hacking Showcase, and suggested that it was unlikely.

The software was created for Verizon demonstration devices sold in stores and no longer used, he said. To operate this application on the user's phone requires both physical access to the device and password. Cybersecurity experts say Android smartphones produced by Samsung and other companies sometimes lag behind in the installation of Google's safety. They can be broken because of the vulnerability found.