Two hackers participating in the annual Pwn2own Security Conference managed to hack a MacBook Pro last Wednesday. First, they targeted Safari, then they gained access to Mac OS, and finally, they were able to hijack their way into the MacBook Pro Touch Bar.
It has been almost one year since the Apple company announced the release of their brand new feature for the MacBook Pro’s Touch Bar. This tool has the same qualities than the last panel bar, only that now it has the has tactile technology, like most of the current mobile devices in the world.
The Touch Bar allows the user the possibility to interact with all the applications within the laptop, granting more options concerning the display and functionality of each one of the apps. Besides that innovative experience, the Touch Bar also represents a brand new target for hackers to attack.
Samuel Groß and Niklas Baumstar, duo team of hackers, targeted Safari and the Touch Bar of the MacBook in the Pwn2own security conference, and last Wednesday, they successfully hacked one device.
What could this mean for Apple: Easy to hack devices?
After both Groß and Baumstar had finished their hacking procedures, they did not perform anything too harmful to the device. They only put a saluting message announcing their triumph. However, if a different hacker manages to do it, the consequences may be different.
Many types of Malware could harm Mac users in a variety of ways. The most common of them is the one that keeps the person locked out from their personal information (files, photos, documents, etc.).
Back in February, there was a report of a Mac ransomware that was oriented to the stealing of all the passwords, PIN codes and security codes from a person’s laptop, through an Adobe Flash Player update. However, the server the hackers used was taken down by digital authorities.
According to preliminary summaries from the Canadian Pwn2own conference, the hacking of the MacBook Pro device was “worryingly easy,” as it was reported by Forbes this Sunday. The description of the hack showed how both hackers attacked Safari to gain further access to Mac OS and then took advantage of that access to enter to the Touch Bar internal configuration system.
However, other sources explain that is not as easy as it seems, as not only Groß and Baumstar but all hackers have to do a lot of previous work and perform consecutive exploits in 5 distinct bugs to achieve the attack.
There is a common misconception regarding the Pwn2own conference and what its achievements mean. The mistakes found in a targeted systems usually are found by large teams that work for several days without resting and are the products of un-reported software bugs.
The whole point of events like the one held in Vancouver this month is for technology companies, like Apple, in this case, to be aware of which mistakes are present in the configuration of their systems and then correct the errors and avoid future hacks.
Other targeted systems on the conference were Adobe Flash Player, Google Chrome, Microsoft Edge and Ubuntu, with participants being able to hack their way into them in most cases. The hacker team that wins the conference receives a $1 million prize as well as the “Master of Pwn” crown title.
Source: Forbes