Google Pixel phones require urgent update, US government warns

Zero-day exploit is already being used to target Android users, Google warns

Anthony Cuthbertson
Tuesday 25 June 2024 13:17 BST
Comments
Google Pixel phones pictured at an event in New York City on 9 October, 2018
Google Pixel phones pictured at an event in New York City on 9 October, 2018 (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The US government has ordered employees to immediately update their Google Pixel phones due to a mysterious security vulnerability.

Google has already issued a fix for the critical flaw, which reportedly stems from a bug within the Android operating system, but gave no details about how it could be exploited.

“Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation,” the government warning noted. “Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.”

The security issue is a zero-day exploit, meaning it was discovered and could be used by hackers to carry out cyber attacks before any mitigating measures were put in place.

The vulnerability, referred to as CVE-2024-32896, puts Pixel owners at risk of having their phone hijacked if they do not update their phones to the latest version.

Android-based operating system GrapheneOS warned that the security vulnerability is not limited to Pixel phones, though these are the first to receive the update. Other Android users will likely receive an update in August.

According to Google, the exploit has already been used in targeted attacks, though no details were given about who was targeted and how.

The Independent has reached out to Google for further information.

The firmware security patch also has fixes for a further 49 vulnerabilities relating to both hardware and software components.

Google Pixel phones can be updated within the device’s Settings app, with software updates typically taking anywhere from a few minutes to half an hour, depending on how new the smartphone is.

“We encourage all customers to accept these updates to their devices,” Google said in its Pixel update bulletin for June 2024.

US National Institute of Standards and Technology said that government employees must update their Google Pixel devices by 4 July or stop using the smartphones.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in