+ Saturday December 7th, 2019


One of the advantages of buying Nexus devices (and now Pixels) is that they receive up-to-date security patches for at least three years from the date of release. This makes them secure right? Unfortunately not. In the recent Mobile Pwn2Own competition sponsored by Trend Micro a team of hackers was able to pwn one of these devices.

China’s The Tencent Keen Security Lab Team was able to get a malicious app installed on a Nexus 6P on their first attempt. This malicious app, while it did not fully unlock the phone, gave them full access to user data on the phone. The hack involved sending an MMS to the phone and did not require any interaction with the phone at all. They used the remaining time to add “flair and style” to their hacks to win themselves even more prize money.

In total, the Nexus 6P hack combined with a hack they performed on the iPhone 6S the team netted US$215,000. There was no mention of whether any teams managed to exploit the Galaxy S7, also included in the competition. All successful hacks and vulnerabilities used at Pwn2Own are disclosed to Google for patching. We would expect the exploits to be patched in hopefully the December security update.

With the Nexus 6P meant to be one of the most secure phones (due to it’s monthly security updates) it makes you wonder how older phones from other manufacturers would fare. It makes a good argument for including the “likelihood of receiving security updates” as a key criteria when selecting your next phone.

How much credence do you pay to these sort of competitions? Do you consider security when deciding on a phone purchase?

Source: Trend Micro.
Via: The Register.

Scott Plowman   Editor


Scott is our modding guru - he has his finger on the pulse of all things ‘moddable’, pointing us towards all the cutting edge mods hacks that are available. When he’s not gymming it up, or scanning the heck out of Nexus devices, you'll find him on the Ausdroid Podcast.

Outside of Ausdroid, Scott's a health care professional and lecturer at a well known Victorian university.

No comments

  1. Avatar

    “It makes a good argument for including the “likelihood of receiving security updates” as a key criteria when selecting your next phone.”

    Definitely. I’m more interested in receiving timely security updates than future OS updates, to be honest, and it’s one of the areas for greatest improvement by manufacturers producing Android devices.

Check Also

Think you smash your NBN connection? Try this guy, with 26TB downloaded in one month

One of the great things about having a fast Internet connection is that you can …