Google Is Conducting An Investigation Into Potential Vulnerability Regarding Mail-In Pixel Repairs

Smartphone repairs can be aggravating if you don't live near a shop that can help, and that's exactly the situation that many Google Pixel smartphone users have. As a result, mail-in repairs are a common method of repairing Pixel devices. However, for a few users, the procedure has turned into a nightmare, with mail-in Google Pixel repairs leading to "hacked" accounts and other problems. In the last few weeks, two allegations have surfaced claiming that Google's mail-in process for fixing Pixel phones has been "hacked," with the Google account compromised and, in one case, private images disclosed to the public.

Jane McGonigal, a game designer and novelist, sent in her Pixel 5a to be fixed and discovered that someone had gained access to her Google account as well as Dropbox. McGonigal's images "in bathing suits, sports bras, form-fitting outfits, and of sutures after surgery" were also accessed as a result of this. The gadget was allegedly used to gain access to email accounts and hide their tracks by removing notifications that would have been sent if someone had logged into these accounts. The phone was transported to a Texas repair shop. Making matters worse, McGonigal was told that the phone was never received by Google, and she was therefore paid for her replacement device.

McGonigal claims that an attempt was made to reset the device using Google's remote reset tool before shipping it in to be repaired due to the damage it had received. However, a since-deleted Reddit thread revealed a far more concerning situation.

According to Android Police, the story included a consumer who sent a Pixel repair to a Texas facility. That device was used to gain access to the user's Google account and social media accounts, with the real damage occurring when the "hacker" posted nude images of the user and his wife to their own social media sites. The user's PayPal account was also used to send a modest sum of money. The phone could not be turned on in that instance, and so could not be reset. It's worth noting, though, that this gadget lacked any kind of screen lock, which meant the malicious party had no way of accessing the data.

Read next: Google Chat In Gmail Now Allows Instant Audio & Video Calls
Previous Post Next Post