Skip to main content
  1. Home
  2. Computing
  3. News

Hackers take over Touch Bar at this year’s Pwn2Own contest

By

A pair of hackers at this year’s Pwn2Own hacking contest have managed to infiltrate a MacBook Pro’s Touch Bar with a message of their own, after finding an exploit for the Safari browser. Although only considered a partial success, the hack did let them gain access to the Touch Bar, earning them $28,000 for their trouble.

The Pwn2Own security conference and competition sees many impressive exploits discovered every year and 2017 is no different. We’ve seen a number of successes (via MacRumors) that have cracked open the Linux Kernel, Adobe Reader, and Microsoft’s Edge browser. A few hacks managed to breach Apple security, too, which is what let one team post their message to the Touch Bar.

Welcome to Pwn2Own 2017

Samuel Groß and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro. While that itself granted them their monetary prize and nine points in the Pwn2Own competition, they impressed onlookers even more by adding a custom message to the Touch Bar which read: “pwned by niklasb and saelo.”

Recommended Videos

Baumstark later explained on Twitter why the hack was only considered a partial success, despite its efficacy.

we had sep. exploits for 10.0.3 and 10.1. the 10.0.3 one is fixed upstream, so it counts as a duplicate

— Niklas B (@_niklasb) March 15, 2017

The contest, which is offering over a million dollars in prizes this year, has seen another group utilize an exploit in Safari to earn some points and funds for themselves. The Chaitin Security Research Lab successfully breached Safari to gain root access on MacOS. Because its goal was seen as a full, rather than a partial success, it earned $35,000 and 11 points for its trouble — though there were no props given for Touch Bar takeover in this case.

Although other teams also attempted to breach Safari with an escalation to root on MacOS, they couldn’t manage it within their allotted time.

As impressive as the first day of Pwn2Own 2017 has been though, there is still much more to come. The schedule for day two is now live and shows a lot of people and teams getting ready to try to crack open many pieces of commercial software, including the MacOS. We’ll no doubt learn more about their efforts when the results are posted later today.

Thanks to Trend Micro for sending through the header video.

Topics
Jon Martindale
Jon Martindale
Evergreen writer
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
Fun things to ask ChatGPT now that it remembers everything
ChatGPT on a laptop

If you hadn't heard, ChatGPT's memory just got a whole lot better. Rolled out across the world to Plus and Pro users over the past few days, ChatGPT's various models can now reference almost any past conversation you had. It doesn't remember everything word for word, but can pull significant details, themes, and important points of reference from just about anything you've ever said to it.

It feels a little creepy at times, but ChatGPT can now be used for much more personalized tasks. OpenAI pitches this as a way to improve its scheduling feature to use it as a personal assistant, or to help you continue longer chats over extended periods of time. But it's also quite fun to see what ChatGPT can tell you by trawling throughh all your chatlogs. It's often surprising some of the answers it spits out in response.

Read more
This dual-screen Lenovo ThinkBook 2-in-1 laptop is almost $1,600 off
Lenovo ThinkBook Plus Gen 4 rear view showing e-ink display on lid.

Are you looking for 2-in-1 laptop deals but haven't found an impressive offer yet? You may want to take a look at the offer from Lenovo, which includes a 46% discount for the Lenovo ThinkBook Plus Gen 4. Its estimated value of $3,459 may seem inflated, but it's on sale for a much more affordable $1,868, for savings of $1,591. This is a clearance sale though, which means once stocks are gone, we're not sure if you'll get another chance at this bargain. You're going to have to proceed with your purchase immediately if you don't want to miss out.

Why you should buy the Lenovo ThinkBook Plus Gen 4 2-in-1 laptop

Read more
This Gigabyte gaming laptop with RTX 4060, 32GB of RAM is on sale for just $1,000
The Gigabyte G6 gaming laptop on a white background.

Gamers with a budget of $1,000 for their next device: Set your sights on the Gigabyte G6 gaming laptop. It's a relatively affordable option that greatly exceeds expectations, and it's on sale from Best Buy with a $200 discount on its original price of $1,200. We highly recommend proceeding with your purchase as soon as possible though, as there's no telling when the offer will expire. The gaming laptop could be back to its regular price as soon as tomorrow, so hurry!

Why you should buy the Gigabyte G6 gaming laptop

Read more