in

Report: Google Pixel Phones Sold With Hidden Surveillance Software

Most Google Pixel phones sold since September 2017 included software that could be used to remotely monitor or control users’ phones, according to a new report from cybersecurity firm iVerify.

The vulnerability was discovered after iVerify’s Endpoint Detection and Response (EDR) scanner flagged an insecure Android device at Palantir Technologies, an iVerify customer. After launching a joint investigation, iVerify, Palantir, and Trail of Bits discovered a hidden Android software package, Showcase.apk, on Google Pixel devices. Data mining company Palantir, which sells its surveillance products to governments and private companies, banned Android devices companywide in response.

“This was very damaging to trust, to have third-party, unvetted, unsecured software on it,” said Dane Stuckey, Palantir’s chief information security officer. The Washington Post“We have no idea how it got there, so we decided to effectively ban Android internally.”

According to the iVerify report, the software was developed by a company called Smith Micro Software and appears to have been created for Verizon for in-store demos. The app was disabled by default and had to be manually enabled, the iVerify report found. “When enabled, Showcase.apk makes the operating system accessible to hackers and prone to man-in-the-middle attacks, code injection, and spyware,” the report reads. “The impact of this vulnerability is significant and could result in data breaches totaling billions of dollars.”

In a statement to The limitGoogle spokesman Ed Fernandez said the software was made “for Verizon in-store demo devices and is no longer in use,” adding that Google “has seen no evidence of active exploitation.”

iVerify informed Google of its report in early May, according to Vscek. The company has not publicly disclosed the vulnerability, nor has it released a software update to remove the problem. Fernandez, the Google spokesperson, said Vscek that Android would remove the app from all Pixel devices “in the coming weeks.”

“It’s really, really concerning. Pixels are meant to be clean,” said Palantir’s Stuckey, Send“There are a ton of defense features built into Pixel phones.”

Written by Anika Begay

Current Welcome Offers on Chase World of Hyatt Credit Cards

Walmart says prices are falling except in one key area