MacBook Pro Touch Bar: cool effects, worryingly easy to hack – BGR

Every year, skilled coders at the annual Pwn2Own hacking conference get to work and remind us that no piece of software is impervious from targeted attacks. Last year, for example, hackers at the conference managed to exploit all four major web browsers, including Safari, Firefox, IE, and Google Chrome.

This year at the 10th anniversary of the Pwn2Own competition, hackers managed to exploit a security hole in Safari and take over the MacBook Pro’s ballyhooed Touch Bar in the process, a feat which earned the two hackers behind the attack a cool $28,000.

Digital Trends reports:

Samuel Groß and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro. While that itself granted them their monetary prize and nine points in the Pwn2Own competition, they impressed onlookers even more by adding a custom message to the Touch Bar which read: “pwned by niklasb and saelo.”

Groß this week took to Twitter and posted a shot of the aforementioned Touch Bar message.

As for the specific details regarding how the attack was implemented, that information will be made available to Apple so that they patch up any existing security holes before the public gets a look at how it was all accomplished.

With over $1 million in prizes up for grabs this year, the Zero Day Initiative website has a running tally of all the successful exploits at Pwn2Own this year. Thus far, we’ve already seen hackers exploit security vulnerabilities in Adobe Reader, Windows, and Microsoft’s Edge browser.

Comments

Write a Reply or Comment:

Your email address will not be published.*