Critical Android Flaw Puts All Google Pixel Phones at Risk
Google’s Pixel smartphones, known for their emphasis on security and timely software updates, are facing a significant security issue due to a new vulnerability discovered in a hidden Android app (via Wired).
This flaw, uncovered by security researchers at iVerify, has been present in every Pixel device since September 2017 and raises serious concerns about their security.
The vulnerability is linked to an Android system-level software package known as “Showcase.apk.” This application, which was developed by enterprise software company Smith Micro for Verizon, was designed to enable retail demo mode on phones.
However, it has found its way into Pixel devices over the years, even though it is not part of Google’s own software. The app’s deep integration into the system, including its ability to execute remote code and install software, makes it a significant threat if exploited.
One of the most alarming aspects of this vulnerability is that Showcase.apk downloads configuration files through an unencrypted HTTP connection. This insecure communication channel could be hijacked by attackers, allowing them to take control of the application and potentially the entire device.
Despite the severity of the issue, Google has not yet released a fix. iVerify first reported the flaw to Google in early May, but as of now, a patch has not been rolled out.
A Google spokesperson, Ed Fernandez, stated that the Showcase app is no longer in use by Verizon and that it will be removed from all supported Pixel devices in an upcoming software update.
Fernandez also noted that there has been no evidence of active exploitation and that the app is not included in Google’s latest Pixel 9 series devices, which were just announced this week.
Verizon spokesperson George Koroneos confirmed that Showcase.apk was used for retail demos and is no longer in use. However, the vulnerability’s presence in older Pixel devices remains a concern.
iVerify’s Rocky Cole expressed disappointment in Google’s handling of the situation, stating that the company’s inability to provide a specific patch date forced them to disclose the vulnerability publicly.
Strange that a Verizon-specific app found itself in all Pixel phones.
Bad enough that it opens unencrypted channels, and worse that it allows config files to update its behaviour (shades of CrowdStrike) and it has full access to the system, but how the hell did Google allow this malware to pollute their entire distribution?
I know that you meant that Google is timely with security updates to its phones to protect against outside threats, and that's true — but this is another reminder that any Android phone is a direct pipeline of data about you and your usage that goes directly to Google, where conclusions and inferences are drawn from that data, and these summaries are then sold to marketers.
Same as any use of their site, services, and search.