Google Pixel phones require urgent update, US government warns

Google Pixel phones pictured at an event in New York City on 9 October, 2018 (Getty Images)
Google Pixel phones pictured at an event in New York City on 9 October, 2018 (Getty Images)

The US government has ordered employees to immediately update their Google Pixel phones due to a mysterious security vulnerability.

Google has already issued a fix for the critical flaw, which reportedly stems from a bug within the Android operating system, but gave no details about how it could be exploited.

“Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation,” the government warning noted. “Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.”

The security issue is a zero-day exploit, meaning it was discovered and could be used by hackers to carry out cyber attacks before any mitigating measures were put in place.

The vulnerability, referred to as CVE-2024-32896, puts Pixel owners at risk of having their phone hijacked if they do not update their phones to the latest version.

Android-based operating system GrapheneOS warned that the security vulnerability is not limited to Pixel phones, though these are the first to receive the update. Other Android users will likely receive an update in August.

According to Google, the exploit has already been used in targeted attacks, though no details were given about who was targeted and how.

The Independent has reached out to Google for further information.

The firmware security patch also has fixes for a further 49 vulnerabilities relating to both hardware and software components.

Google Pixel phones can be updated within the device’s Settings app, with software updates typically taking anywhere from a few minutes to half an hour, depending on how new the smartphone is.

“We encourage all customers to accept these updates to their devices,” Google said in its Pixel update bulletin for June 2024.

US National Institute of Standards and Technology said that government employees must update their Google Pixel devices by 4 July or stop using the smartphones.