{"id":287108,"date":"2024-08-16T11:22:47","date_gmt":"2024-08-16T09:22:47","guid":{"rendered":"https:\/\/sftarticles.wpenginepowered.com\/es\/?p=338633"},"modified":"2025-07-01T16:03:33","modified_gmt":"2025-07-01T23:03:33","slug":"millions-of-google-pixel-phones-may-be-vulnerable-to-a-deadly-cyber-attack","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/millions-of-google-pixel-phones-may-be-vulnerable-to-a-deadly-cyber-attack\/","title":{"rendered":"Millions of Google Pixel phones may be vulnerable to a deadly cyber attack"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The cybersecurity company iVerify has recently discovered a serious vulnerability that affects millions of Pixel smartphones worldwide and has published its findings in a new report.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/iverify.io\/blog\/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world\">According to the document<\/a>, the offending software in question is called Showcase.apk. It was originally developed by Smith Micro Software for <a href=\"https:\/\/www.washingtonpost.com\/technology\/2024\/08\/15\/google-sold-android-phones-with-hidden-insecure-feature-companies-find\/\">demonstration devices within Verizon stores<\/a>.<\/p>\n\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Google Chrome\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-m\/p\/f875d630-96d4-11e6-b152-00163ed833e7\/814375157\/chrome-logo\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Google Chrome<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/chrome.en.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\">DOWNLOAD<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/chrome.en.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Thanks to this, employees have deep access to the many features of a Pixel phone in order to &#8216;demonstrate how they work&#8217; to interested customers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Normally, Showcase is inactive and does nothing. <strong>However, a skilled hacker may activate it through a backdoor.<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Google Pixel phones sold with security vulnerability, report finds <a href=\"https:\/\/t.co\/mKfyEeKrF2\">https:\/\/t.co\/mKfyEeKrF2<\/a><\/p>&mdash; The Verge (@verge) <a href=\"https:\/\/twitter.com\/verge\/status\/1824133002768646617?ref_src=twsrc%5Etfw\">August 15, 2024<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What can this APK do on Google phones<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The APK (Android Package Kit) receives its configuration file from an insecure domain on Amazon Web Services.<\/strong> In theory, a malicious actor could intercept these connections or impersonate the website&#8217;s identity and inject malware or spyware into a Pixel phone. Additionally, since Showcase has &#8216;excessive system privileges,&#8217; it is easy for cybercriminals to <a href=\"https:\/\/iverify.io\/press-releases\/iverify-discovers-severe-android-vulnerability-impacting-millions-of-devices-around-the-world\">compromise a target<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is particularly terrifying is that Showcase has been part of the Google Pixel ecosystem since September 2017.<\/strong> And the worst part is that the average user cannot remove the APK through the standard uninstallation process, as it is considered a system-level application. iVerify claims that &#8216;only Google can fix&#8217; this issue.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>No matter how bad things are, there is good news<\/strong>. First of all, it seems that no one, not even hackers, knew about the exploit. A Google spokesperson told The Washington Post that they have not seen any attacks that can be attributed to Showcase.<\/p>\n\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Google Chrome\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-m\/p\/f875d630-96d4-11e6-b152-00163ed833e7\/814375157\/chrome-logo\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Google Chrome<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/chrome.en.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\">DOWNLOAD<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/chrome.en.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">And they stated that there is no evidence of &#8216;active exploitation&#8217; and even suggested that such an attack &#8216;would be unlikely.&#8217;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Google is aware of the problem.<\/strong> The tech giant told <a href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2024\/08\/15\/new-pixel-warning-as-pixel-9-pixel-9-pro-pixel-9-pro-fold-release\/\">Forbes<\/a> that they are taking measures &#8216;out of an abundance of caution&#8217; and plan to deploy a patch to all &#8216;compatible Pixel devices on the market.&#8217; However, don&#8217;t worry about the Pixel 9 series, as none of the four models have Showcase.apk.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cybersecurity company iVerify has recently discovered a serious vulnerability that affects millions of Pixel smartphones worldwide and has published its findings in a new report. According to the document, the offending software in question is called Showcase.apk. It was originally developed by Smith Micro Software for demonstration devices within Verizon stores. Thanks to this, &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/millions-of-google-pixel-phones-may-be-vulnerable-to-a-deadly-cyber-attack\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Millions of Google Pixel phones may be vulnerable to a deadly cyber attack&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9265,"featured_media":287109,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":1},"categories":[1015],"tags":[5118],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-287108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-smartphones"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/287108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9265"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=287108"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/287108\/revisions"}],"predecessor-version":[{"id":311853,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/287108\/revisions\/311853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/287109"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=287108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=287108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=287108"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=287108"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=287108"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=287108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}