Skip to main content
  1. Home
  2. Computing
  3. News

Hackers take over Touch Bar at this year’s Pwn2Own contest

Add as a preferred source on Google

A pair of hackers at this year’s Pwn2Own hacking contest have managed to infiltrate a MacBook Pro’s Touch Bar with a message of their own, after finding an exploit for the Safari browser. Although only considered a partial success, the hack did let them gain access to the Touch Bar, earning them $28,000 for their trouble.

The Pwn2Own security conference and competition sees many impressive exploits discovered every year and 2017 is no different. We’ve seen a number of successes (via MacRumors) that have cracked open the Linux Kernel, Adobe Reader, and Microsoft’s Edge browser. A few hacks managed to breach Apple security, too, which is what let one team post their message to the Touch Bar.

Welcome to Pwn2Own 2017

Samuel Groß and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro. While that itself granted them their monetary prize and nine points in the Pwn2Own competition, they impressed onlookers even more by adding a custom message to the Touch Bar which read: “pwned by niklasb and saelo.”

Recommended Videos

Baumstark later explained on Twitter why the hack was only considered a partial success, despite its efficacy.

we had sep. exploits for 10.0.3 and 10.1. the 10.0.3 one is fixed upstream, so it counts as a duplicate

— Niklas B (@_niklasb) March 15, 2017

The contest, which is offering over a million dollars in prizes this year, has seen another group utilize an exploit in Safari to earn some points and funds for themselves. The Chaitin Security Research Lab successfully breached Safari to gain root access on MacOS. Because its goal was seen as a full, rather than a partial success, it earned $35,000 and 11 points for its trouble — though there were no props given for Touch Bar takeover in this case.

Although other teams also attempted to breach Safari with an escalation to root on MacOS, they couldn’t manage it within their allotted time.

As impressive as the first day of Pwn2Own 2017 has been though, there is still much more to come. The schedule for day two is now live and shows a lot of people and teams getting ready to try to crack open many pieces of commercial software, including the MacOS. We’ll no doubt learn more about their efforts when the results are posted later today.

Thanks to Trend Micro for sending through the header video.

Jon Martindale
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more
As AI turbocharges digital abuse, UK agencies urge parents to limit who sees kids’ photos online
The National Crime Agency and Internet Watch Foundation are asking parents to tighten privacy settings as AI-generated abuse material rises.
Social Media

Parents who post pictures of their kids online are being told to rethink the habit. The UK's National Crime Agency and the Internet Watch Foundation have issued new guidance urging families to lock down their social media accounts, warning that publicly shared photos are increasingly being pulled and altered by AI tools to create child sexual abuse material.

The two organizations say most parents have no idea this is happening. Criminals no longer need to contact a child directly to generate such material. They can scrape an ordinary photo and run it through widely available nudify apps.

Read more