Hackers take over Touch Bar at this year’s Pwn2Own contest

A pair of hackers at this year’s Pwn2Own hacking contest have managed to infiltrate a MacBook Pro’s Touch Bar with a message of their own, after finding an exploit for the Safari browser. Although only considered a partial success, the hack did let them gain access to the Touch Bar, earning them $28,000 for their trouble.

The Pwn2Own security conference and competition sees many impressive exploits discovered every year, and 2017 is no different. We’ve seen a number of successes (via MacRumors) that have cracked open the Linux kernel, Adobe Reader, and Microsoft’s Edge browser. A few hacks managed to breach Apple security, too, which is what let one team post their message to the Touch Bar.

Samuel Groß and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of macOS on a MacBook Pro. While that itself granted them their monetary prize and nine points in the Pwn2Own competition, they impressed onlookers even more by adding a custom message to the Touch Bar, which read: “pwned by niklasb and saelo.”

Baumstark later explained on Twitter why the hack was only considered a partial success, despite its efficacy.

@LiveOverflow @_tsuro @5aelo we had sep. exploits for 10.0.3 and 10.1. the 10.0.3 one is fixed upstream, so it counts as a duplicate

— Niklas Baumstark (@_niklasb) March 15, 2017

The contest, which is offering over a million dollars in prizes this year, has seen another group use an exploit in Safari to earn some points and funds for themselves. The Chaitin Security Research Lab successfully breached Safari to gain root access on macOS. Because its attempt was seen as a full, rather than a partial, success, it earned $35,000 and 11 points for its trouble, though there were no props given for Touch Bar takeover in this case.

Although other teams also attempted to breach Safari with an escalation to root on macOS, they couldn’t manage it within their allotted time.

As impressive as the first day of Pwn2Own 2017 has been, though, there is still much more to come. The schedule for day two is now live and shows a lot of people and teams getting ready to try to crack open many pieces of commercial software, including macOS. We’ll no doubt learn more about their efforts when the results are posted later today.

Thanks to Trend Micro for sending through the header video.

Jon Martindale