Skip to main content
  1. Home
  2. Computing
  3. News

Hackers take over Touch Bar at this year’s Pwn2Own contest

By

A pair of hackers at this year’s Pwn2Own hacking contest have managed to infiltrate a MacBook Pro’s Touch Bar with a message of their own, after finding an exploit for the Safari browser. Although only considered a partial success, the hack did let them gain access to the Touch Bar, earning them $28,000 for their trouble.

The Pwn2Own security conference and competition sees many impressive exploits discovered every year and 2017 is no different. We’ve seen a number of successes (via MacRumors) that have cracked open the Linux Kernel, Adobe Reader, and Microsoft’s Edge browser. A few hacks managed to breach Apple security, too, which is what let one team post their message to the Touch Bar.

Welcome to Pwn2Own 2017

Samuel Groß and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro. While that itself granted them their monetary prize and nine points in the Pwn2Own competition, they impressed onlookers even more by adding a custom message to the Touch Bar which read: “pwned by niklasb and saelo.”

Recommended Videos

Baumstark later explained on Twitter why the hack was only considered a partial success, despite its efficacy.

@LiveOverflow @_tsuro @5aelo we had sep. exploits for 10.0.3 and 10.1. the 10.0.3 one is fixed upstream, so it counts as a duplicate

— Niklas Baumstark (@_niklasb) March 15, 2017

The contest, which is offering over a million dollars in prizes this year, has seen another group utilize an exploit in Safari to earn some points and funds for themselves. The Chaitin Security Research Lab successfully breached Safari to gain root access on MacOS. Because its goal was seen as a full, rather than a partial success, it earned $35,000 and 11 points for its trouble — though there were no props given for Touch Bar takeover in this case.

Although other teams also attempted to breach Safari with an escalation to root on MacOS, they couldn’t manage it within their allotted time.

As impressive as the first day of Pwn2Own 2017 has been though, there is still much more to come. The schedule for day two is now live and shows a lot of people and teams getting ready to try to crack open many pieces of commercial software, including the MacOS. We’ll no doubt learn more about their efforts when the results are posted later today.

Thanks to Trend Micro for sending through the header video.

Topics
Jon Martindale
Jon Martindale
Evergreen writer
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
New 9800X3D leak: ‘Strong generational boost in games’ is just 8%
AMD Ryzen 7 7800X3D held between fingertips.

AMD's best processor for gaming is right around the corner. Through various leaked benchmarks, we've already learned that it might disappoint, and today's leak only serves to confirm that. According to leaked AMD data, the Ryzen 7 9800X3D may offer a subtle improvement in gaming -- although it'll still be better than what most of the Zen 5 lineup has been able to provide.

VideoCardz was able to obtain what appears to be an official marketing description of the Ryzen 7 9800X3D. The blurb reveals things like the predicted improvement in instructions per cycle (IPC), gaming, and multi-threaded workloads. It looks like the real deal, but as with any other leak, it's important to remember that we'll only learn the full story once we test the CPU ourselves.

Read more
M4 chip: here’s everything we know about Apple’s latest silicon
Apple introducing the new M4 chip.

Apple is on the cusp of announcing new Macs equipped with its latest M4 chip, bringing more powerful performance and extra features to its computers. But this won't be the first time the M4 has made an appearance -- it's already out in the latest iPad Pro.

But is the M4 chip any good? Should you upgrade your Mac or iPad to take advantage of it? And what new features will it bring to your devices? We've set out to answer these questions and more, blending together what we've learned from the M4 iPad Pro and information that has been leaked ahead of the M4 Macs launching this year. That should give you everything you need to know about Apple's latest chip.
Price and release date

Read more
Why you may want to avoid the latest Nvidia driver release
A screenshot of the Nvidia app.

Nvidia’s latest GeForce 566.03 WHQL driver update was released two days ago, and the company has now acknowledged a peculiar issue. According to a report by Overclock3D, users of Corsair’s iCUE software and Bluestacks, may face “higher than normal CPU usage” and are advised not to update to the latest graphics driver update.

Corsair's iCUE software integrates the company’s compatible hardware into a single interface, enabling users to control RGB lighting, adjust fan speeds, create macros, and monitor system performance. Bluestacks, on the other hand, is an Android emulator for Windows, primarily used for gaming and app development.

Read more