MacBook Air Hacked in PWN 2 OWN Contest
MacBook Air Hacked in PWN 2 OWN Contest
by , 8:15 AM EDT, March 28th, 2008
Charlie Miller, also known for his iPhone hack, managed to walk away from CanSecWest's PWN 2 OWN contest with US$10,000 and a MacBook Air after successfully hacking into the portable computer. Mr. Miller was able to successfully hack the laptop after the rules of the contest were relaxed to allow for more than remote attacks, according to InfoWorld.
On the first day of the event, contestants unsuccessfully attempted to remotely hack into the Mac, a Windows PC, and a Linux PC. On the second day, however, Mr. Miller was able to gain control over the MacBook Air in only two minutes by directing a contest organizer to visit a specially crafted Web site with the laptop.
The Web site contained code that Mr. Miller developed specifically to hack into the Mac.
Exactly what the code did to the MacBook Air is a secret, and will remain that way until after the contest organizers can notify Apple of the exploit thanks to the nondisclosure agreement Mr. Miller was required to sign.
Since the relaxed contest rules on the second day prohibited attackers from using applications that weren't part of the standard OS installation, Mr. Miller likely took advantage of an undisclosed flaw in the Safari Web browser. Once Apple has been notified of the potential security flaw the company will likely issue an update that patches the threat.
Observer Comments
According to Tuaw.com
http://www.tuaw.com/2008/03/28/macbook-air-knocked-out-quickly-in-cansecwest-contest/
"It is a little troubling, however, that the other two laptops (Vista and Ubuntu) are still standing."
And as the scales fell from their eyes they came to the sad conclusion that their beloved Mac’s were not divinely inspired.
QuoteGuest wrote:
Just Apple was hacked
Does that mean there were no attempts, or no successful attempts? Significant differences, there.
BTW: I think it's "unfair" to stress the "two minutes" aspect of this. It took more than two minutes to research this, and more than two minutes to code it. Sure, the actual "attack" took place in that short timeframe, but a lot of work went into getting there.
ok...so if you read it carefully "Mr. Miller was able to gain control over the MacBook Air in only two minutes by directing a contest organizer to visit a specially crafted Web site with the laptop." That is the only way to hack into a UNIX box in the first place. you have to gain control of it, not like windows when spyware, malware, and anything else can install and seed itself without someone known it. I praise Charlie Miller for the fine work he is doing. Steve Jobs, Hire this guy!!!
Clicking Links is not the same as having malicious code maliciously installed on your machine. If you click a suspicious link, I'm sorry, but you deserve what you have coming. The fact that the guy researched it for a month or more, as one of the articles I read implies, and didn't bother telling Apple tells me he doesn't give a crap about security, only cash prizes and fame. Congratulations exploiting something you have known about for a long time in order to get recognized. The hack didn't take two minutes, it took months of research plus time spent coding. The EXECUTION took two minutes. Read the articles and you'll realize why these contests are simply epeen contests between security "experts" and Windows or Mac fanatics.
The same faulty misrepresentation of the circumstances regarding security have been used for years to bash Windows.
Fri Mar 28, 2008 12:31 pm Subject: Only one sentence matters...
" Mr. Miller was able to successfully hack the laptop after the rules of the contest were relaxed to allow for more than remote attacks"
The minute he can hack a Mac remotely I'll be interested, as it is he did nothing that a moderately advanced user couldn't prevent with a few simple steps and a little common sense.
As one of the guests noted, why expend that effort to get a PC or a Linux machine either, I would have targeted the MBA first as well...
Fri Mar 28, 2008 1:44 pm Subject:
As there is definitely a chip on hackers shoulders regarding OS X, and a desire to prove Apple wrong regarding security, it is not surprising that the Air was targeted. it would be really interesting to see the statistics regarding the attempts on the Air vs the attempts on Windows and Ubuntu. Without that information, reporting that the Air was hacked first is meaningless. If nobody was trying to hack the other machines, the Air was first by default.
"As one of the guests noted, why expend that effort to get a PC or a Linux machine either, I would have targeted the MBA first as well..."
Because all the machines were supposed to be less secure than MacOSX according to Apple?
The sad thing is that IE7 and Vista remained UNCRACKED through to the end of Day 2.
After 2 days, the MacBook Air MacOSX/Safari combo was the *ONLY* compromised system.
And the payout is the same, whether you cracked a more secure or less secure system.
Guess we know which ones are actually less secure now.
All it took was to send a user to a URL to compromise the MacOSX system. Vista didn't even crumble under this despite running IE7.
Fri Mar 28, 2008 5:08 pm Subject: Only a few people know how it was done
QuoteGuest wrote:
"As one of the guests noted, why expend that effort to get a PC or a Linux machine either, I would have targeted the MBA first as well..."
Because all the machines were supposed to be less secure than MacOSX according to Apple?
The sad thing is that IE7 and Vista remained UNCRACKED through to the end of Day 2.
After 2 days, the MacBook Air MacOSX/Safari combo was the *ONLY* compromised system.
And the payout is the same, whether you cracked a more secure or less secure system.
Guess we know which ones are actually less secure now.
All it took was to send a user to a URL to compromise the MacOSX system. Vista didn't even crumble under this despite running IE7.
That is completely illogical. Charlie used a vulnerability he discovered to hack the MacBook Air. He didn't TRY to hack the others. Given his talent, he probably could have done so just as easily. You don't know.
Also, ONE vulnerability proves nothing. How long (months?) did it take him to find that and develop an exploit?
Calm down people. The Mac was hacked because it ships with a browser that has a bug (Safari 3.1). Windows & Linux don't ship with Safari. End of Story. We should thank Charlie for identifying it and giving Apple the chance to fix it.
Apple needs to (and probably will) take this seriously. The best way to handle it would be with better communication (like Mozilla) when they issue an update. I won't be holding my breath, because Apple has a very arrogant attitude when it comes to communicating about updates.
Of course, I am still curious as to whether or not an Administrator password had to be entered to install software OR if it was as simple as clicking on the link and being owned.
If it was the latter... it is a genuinely NASTY error.
According to various accounts Charlie Miller used to work for the NSA, so even though the MacBook Air is still the only laptop of the three to fall (it was the first one tested yesterday with the relaxed rules) so far, I'm going to declare BS. Not because it isn't a valid crack, but because we have no idea what kind of privledged information Miller had access to while at the NSA that would have allowed him to develop the crack that took control of the MacBook Air.
Sat Mar 29, 2008 6:59 pm Subject: hack one mac and it is the end of the world re-responding:
http://www.news.com/8301-13579_3-9906001-37.html?tag=nefd.top
Here is the news of the vista machine falling to the way side!!! linux the only one standing...
so, all you DOS turds...lets here it now!!!
why hack a machine with VISTA on it????? The air is worth so much more? I am SURE if they wanted to, they would have cracked the vista machine. But why? sell it on ebay like he did with the hacked iphone? Praise the all mighty dollar!!!!!
Sat Mar 29, 2008 7:13 pm Subject:
Actually, all three systems did fairly well. None were hacked on the first day when it was really a "hack the OS" day. The second day was attacking installed software (not the OS), and a flaw in Safari was found - a good thing, as it will lead to a fix. On the third day, third party apps were attacked and a flaw in Flash was found - a good thing, as it will lead to a fix.
From what I have read, the folks that cracked the Vista machine also had a proposed exploit for the Ubuntu machine but didn't find it worth the remaining time to run the exploit.
While the Windows and Linux fans will tout their "success" over the Mac, NONE of the OS's succumbed to the OS-only attack. Not the Mac. Not Vista. Not Ubuntu.
This is a good thing.
Sun Mar 30, 2008 1:52 am Subject: "Guests" need to read this article
The "Guests", and our regular registered posters, should read this article at Roughly Drafted.
Sun Mar 30, 2008 10:42 pm Subject:
Every hack I've seen the last years using Safari have been due to a bug in Safari that allows you to run code if you can convince Safari that the file extension is "Safe". This setting allowing Safari to run "safe" files is I believe still there But has been turned of for years in Firefox and IE.
Correct me if I'm wrong, but I would bet that upcoming patch will fix, yet another way to do this... But It would be better to turn of this Default setting.
Wed Apr 02, 2008 8:33 pm Subject: Guess again...
...but now you are using good common sense in putting scattered info together and drwawing a logical conclusion. How many people do that? How many people read "...2 minutes to hack into a MacBook Air..." and go home thinking "oh, Apple sucks and I knew it".
I am a proud user of PCs since 1992 and have been conscious about clikcking here and there and opening attachments. I have purchased my first MAC 3 months ago and love it as well.
This was not a hack done over a network but it was a drive-by into a site that had custom code running behind the scenes. Still, no one is saying whether the user had to "allow" any installation which makes a whole lot of difference.
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 21st
- Fri, 7:07 PM
- Games - Soccer Sim Championship Manager 2010 Released for Mac
- 6:47 PM
- Games - EA Publishes Original Monopoly for iPhone
- 6:15 PM
- News - Original Apple I on Ebay for $50K, w/Letter from Steve Jobs
- 6:11 PM
- Games - New iPhone Games: Secret of the Lost Cavern Ep 1, New DJ Nights, More
- 5:47 PM
- Games - Star Trek D-A-C Game Headed to the Mac Next Month
- 4:57 PM
- Product News - TidBITS Releases “Take Control of Syncing Data in Snow Leopard”
- 4:26 PM
- John Martellaro's Blog - Particle Debris (week ending 11/20) Stationery Pads Go Poof
- 2:59 PM
- Free on iTunes - Musée du Louvre, Art Lite, SketchBook Mobile X and More.
- 1:50 PM
- Deal Brothers - Acer P215H bmid 21.5” Widescreen LCD Monitor: $139.99
- 11:24 AM
- TMO Appearances - Jeff Gamet Shares More Holiday Gift Ideas on MacJury
- 10:43 AM
- Product News - Cocktail 4.5 for Leopard Adds QuickLook Cache Clearing
- 10:06 AM
- News - Hack Enables Mac OS X 10.6.2 on Netbooks
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
OWC: We Make DIY Upgrading Easy! Maximize your Apple MacBook / MacBook Pro. Up to 8.0GB Memory, up to 1.0TB HD & More. Easy Guide + Free, Detailed Installation Videos. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
