Loading
-
MacBook Air Gets Hacked First at Contest
Techtree News Staff, Mar 28, 2008 1342 hrs ISTThe contest required anyone - someone to hack into any of the three laptops on offer as prizes: a Sony Vaio, a Fujitsu U810, and an Apple MacBook Air.
At the CanSecWest security conference in Vancouver yesterday, one Charles Miller (who first hacked Apple's iPhone last year) broke into an Apple MacBook Air in a matter of two minutes to win the 'PWN 2 OWN' hacking contest and take home the first of the three laptops offered as prize plus $10,000 in cash. This is the 'quickest buck' that Miller has possibly made yet.
The prizes on offer were three laptops: a Sony Vaio, a Fujitsu U810, and an Apple MacBook Air, and the hack contest required anyone - someone, to find a way to hack each of these and read the contents of a file on their systems -- using a not-yet-disclosed '0day' attack.
The first day of the contest saw contestants trying to hack the laptops over the network; nobody quite managed. Whereas the second day saw hackers directing show organizers into using the laptops to visit Web sites or open emails. Miller was the fastest: in about 2 minutes, he'd directed the organizers to visit a Web site containing exploit code, which he then used to grab control of one of the three laptops -- it so happened the laptop Miller managed to hack was Apple's MacBook Air.
Contest won, no time was lost in giving Miller a non-disclosure agreement to sign. Which means he cannot discuss specifics of his exploit code until such time that show sponsor TippingPoint notifies the vendor (Apple in this case).
And according to a TippingPoint DVLabs blog, newly discovered '0day' vulnerability in Safari was used to gain control of the MacBook Air. Miller could only take advantage of software pre-installed on the Mac, so the flaw that he exploited must have been accessible, or possibly inside Apple's Safari browser, reports seem to suggest. Meanwhile, Miller ended up being congratulated by last year's winner, Dino Dai Zovi, who'd exploited a QuickTime vulnerability to take home the prize.
The prizes on offer were three laptops: a Sony Vaio, a Fujitsu U810, and an Apple MacBook Air, and the hack contest required anyone - someone, to find a way to hack each of these and read the contents of a file on their systems -- using a not-yet-disclosed '0day' attack.
The first day of the contest saw contestants trying to hack the laptops over the network; nobody quite managed. Whereas the second day saw hackers directing show organizers into using the laptops to visit Web sites or open emails. Miller was the fastest: in about 2 minutes, he'd directed the organizers to visit a Web site containing exploit code, which he then used to grab control of one of the three laptops -- it so happened the laptop Miller managed to hack was Apple's MacBook Air.
Contest won, no time was lost in giving Miller a non-disclosure agreement to sign. Which means he cannot discuss specifics of his exploit code until such time that show sponsor TippingPoint notifies the vendor (Apple in this case).
And according to a TippingPoint DVLabs blog, newly discovered '0day' vulnerability in Safari was used to gain control of the MacBook Air. Miller could only take advantage of software pre-installed on the Mac, so the flaw that he exploited must have been accessible, or possibly inside Apple's Safari browser, reports seem to suggest. Meanwhile, Miller ended up being congratulated by last year's winner, Dino Dai Zovi, who'd exploited a QuickTime vulnerability to take home the prize.
Related Links
Tag keywords
Opinion Poll
- Which desktop web browser do you use?
-
Internet Explorer
Firefox
Chrome
Safari
Opera
Other (specify in comments)
Poll Results View Previous Polls