Security researchers have identified zero-day vulnerabilities in Google Pixel phones that are being actively exploited. While not the work of traditional hackers, the flaws are reportedly being used by forensic companies that assist law enforcement in unlocking confiscated devices.
The vulnerabilities allow attackers to bypass security measures on Pixel phones. One flaw can unlock a device and trigger fastboot mode, granting physical access to the phone’s data. The other vulnerability can prevent a user from remotely wiping a Pixel phone.
Google has credited GrapheneOS, a security-focused Android OS, with uncovering the exploits. A video from Swedish forensics company MSAB appears to demonstrate how these vulnerabilities are being used, though the video has since been removed.
Google acknowledges a “limited, targeted” use of these zero-days and is releasing patches starting this Friday. It’s important for Pixel owners to install these updates as soon as possible to protect their devices from unauthorized access.