Hackers take over Touch Bar at this year’s Pwn2Own contest

A pair of hackers at this year’s Pwn2Own hacking contest have managed to infiltrate a MacBook Pro’s Touch Bar with a message of their own, after finding an exploit for the Safari browser. Although only considered a partial success, the hack did let them gain access to the Touch Bar, earning them $28,000 for their trouble.

The Pwn2Own security conference and competition sees many impressive exploits discovered every year, and 2017 is no different. We’ve seen a number of successes (via MacRumors) that have cracked open the Linux kernel, Adobe Reader, and Microsoft’s Edge browser. A few hacks managed to breach Apple security, too, which is what let one team post their message to the Touch Bar.

Samuel Groß and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of macOS on a MacBook Pro. While that itself granted them their monetary prize and nine points in the Pwn2Own competition, they impressed onlookers even more by adding a custom message to the Touch Bar, which read: “pwned by niklasb and saelo.”

Baumstark later explained on Twitter why the hack was only considered a partial success, despite its efficacy.

@LiveOverflow @_tsuro @5aelo we had sep. exploits for 10.0.3 and 10.1. the 10.0.3 one is fixed upstream, so it counts as a duplicate

— Niklas Baumstark (@_niklasb) March 15, 2017

The contest, which is offering over a million dollars in prizes this year, has seen another group use an exploit in Safari to earn some points and funds for themselves. The Chaitin Security Research Lab successfully breached Safari to gain root access on macOS. Because its attempt was judged a full, rather than a partial, success, it earned $35,000 and 11 points for its trouble, though there were no props given for a Touch Bar takeover in this case.

Although other teams also attempted to breach Safari with an escalation to root on macOS, they couldn’t manage it within their allotted time.

As impressive as the first day of Pwn2Own 2017 has been, though, there is still much more to come. The schedule for day two is now live and shows a lot of people and teams getting ready to try to crack open many pieces of commercial software, including macOS. We’ll no doubt learn more about their efforts when the results are posted later today.

Thanks to Trend Micro for sending through the header video.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…