Report: Google Pixel phones sold with hidden surveillance software


Most Google Pixel phones sold since September 2017 included software that could be used to surveil or remotely control users’ phones, according to a new report from the cybersecurity company iVerify.

The vulnerability was discovered after iVerify’s endpoint detection and response (EDR) scanner flagged an insecure Android device at Palantir Technologies, an iVerify client. After launching a joint investigation, iVerify, Palantir, and Trail of Bits discovered a hidden Android software package — Showcase.apk — across Google Pixel devices. The data-mining firm Palantir, which sells its surveillance products to governments and private companies, banned Android devices across the company in response.

“This was very deleterious of trust, to have third-party, unvetted insecure software on it,” Dane Stuckey, Palantir’s chief information security officer, told The Washington Post. “We have no idea how it got there, so we made the decision to effectively ban Androids internally.”

According to iVerify’s report, the software was developed by a company called Smith Micro Software and appears to have been created for Verizon for in-store demos. The app was inactive by default and had to be manually enabled, the iVerify report found. “When enabled, Showcase.apk makes the operating system accessible to hackers and ripe for man-in-the-middle attacks, code injection, and spyware,” the report reads. “The impact of this vulnerability is significant and could result in data loss breaches totaling billions of dollars.”

In a statement to The Verge, Google spokesperson Ed Fernandez said the software was made “for Verizon in-store demo devices and is no longer being used,” adding that Google has “seen no evidence of any active exploitation.”

iVerify told Google about its report in early May, according to Wired. The company has not publicly disclosed the vulnerability, nor has it released a software update to remove the problem. Wired reported that Android would remove the app from all Pixel devices “in the coming weeks,” which Fernandez confirmed to The Verge.

“It’s really quite troubling. Pixels are meant to be clean,” Stuckey, of Palantir, told the Post. “There is a bunch of defense stuff built on Pixel phones.”




Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We at StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
