Charlie Miller, also known for his iPhone hack, managed to walk away from CanSecWest's PWN 2 OWN contest with US$10,000 and a MacBook Air after successfully hacking into the portable computer. Mr. Miller was able to successfully hack the laptop after the rules of the contest were relaxed to allow for more than remote attacks, according to InfoWorld.
On the first day of the event, contestants unsuccessfully attempted to remotely hack into the Mac, a Windows PC, and a Linux PC. On the second day, however, Mr. Miller was able to gain control over the MacBook Air in only two minutes by directing a contest organizer to visit a specially crafted Web site with the laptop.
The Web site contained code that Mr. Miller developed specifically to hack into the Mac.
Exactly what the code did to the MacBook Air is a secret, and will remain that way until after the contest organizers can notify Apple of the exploit thanks to the nondisclosure agreement Mr. Miller was required to sign.
Since the relaxed contest rules on the second day prohibited attackers from using applications that weren't part of the standard OS installation, Mr. Miller likely took advantage of an undisclosed flaw in the Safari Web browser. Once Apple has been notified of the potential security flaw the company will likely issue an update that patches the threat.
CloseViewName:Guest Fri Mar 28, 2008 10:08 amSubject: lol
Apple rarly takes these things to heart, once a vulnerabillity is discovered it usualy takes them 6 months to patch it, if they do at all. They seriously just don't care about these vulnerabillities.
they had to execute a specific code from a website in order to hack it. they couldn't do it via network. i'm just wondering if a user would have to give it permission to install an application. it'll be be patched by the end of next month.
CloseViewName:Guest Fri Mar 28, 2008 11:05 amSubject:
Quote
Guest wrote: Just Apple was hacked
Does that mean there were no attempts, or no successful attempts? Significant differences, there.
BTW: I think it's "unfair" to stress the "two minutes" aspect of this. It took more than two minutes to research this, and more than two minutes to code it. Sure, the actual "attack" took place in that short timeframe, but a lot of work went into getting there.
ok...so if you read it carefully "Mr. Miller was able to gain control over the MacBook Air in only two minutes by directing a contest organizer to visit a specially crafted Web site with the laptop." That is the only way to hack into a UNIX box in the first place. you have to gain control of it, not like windows when spyware, malware, and anything else can install and seed itself without someone known it. I praise Charlie Miller for the fine work he is doing. Steve Jobs, Hire this guy!!!
Clicking Links is not the same as having malicious code maliciously installed on your machine. If you click a suspicious link, I'm sorry, but you deserve what you have coming. The fact that the guy researched it for a month or more, as one of the articles I read implies, and didn't bother telling Apple tells me he doesn't give a crap about security, only cash prizes and fame. Congratulations exploiting something you have known about for a long time in order to get recognized. The hack didn't take two minutes, it took months of research plus time spent coding. The EXECUTION took two minutes. Read the articles and you'll realize why these contests are simply epeen contests between security "experts" and Windows or Mac fanatics.
The same faulty misrepresentation of the circumstances regarding security have been used for years to bash Windows.
" Mr. Miller was able to successfully hack the laptop after the rules of the contest were relaxed to allow for more than remote attacks"
The minute he can hack a Mac remotely I'll be interested, as it is he did nothing that a moderately advanced user couldn't prevent with a few simple steps and a little common sense.
As one of the guests noted, why expend that effort to get a PC or a Linux machine either, I would have targeted the MBA first as well...
CloseViewName:Intruder- TMO Mac SpecialistPosts: 2837Joined: 07 Jul 2004 Fri Mar 28, 2008 1:44 pmSubject:
As there is definitely a chip on hackers shoulders regarding OS X, and a desire to prove Apple wrong regarding security, it is not surprising that the Air was targeted. it would be really interesting to see the statistics regarding the attempts on the Air vs the attempts on Windows and Ubuntu. Without that information, reporting that the Air was hacked first is meaningless. If nobody was trying to hack the other machines, the Air was first by default.
CloseViewName:gslusherPosts: 2001Joined: 13 Nov 2002 Fri Mar 28, 2008 5:14 pmSubject:
Quote
Guest wrote: "As one of the guests noted, why expend that effort to get a PC or a Linux machine either, I would have targeted the MBA first as well..."
Because all the machines were supposed to be less secure than MacOSX according to Apple?
The sad thing is that IE7 and Vista remained UNCRACKED through to the end of Day 2.
After 2 days, the MacBook Air MacOSX/Safari combo was the *ONLY* compromised system.
And the payout is the same, whether you cracked a more secure or less secure system.
Guess we know which ones are actually less secure now.
All it took was to send a user to a URL to compromise the MacOSX system. Vista didn't even crumble under this despite running IE7.
That is completely illogical. Charlie used a vulnerability he discovered to hack the MacBook Air. He didn't TRY to hack the others. Given his talent, he probably could have done so just as easily. You don't know.
Also, ONE vulnerability proves nothing. How long (months?) did it take him to find that and develop an exploit?
Calm down people. The Mac was hacked because it ships with a browser that has a bug (Safari 3.1). Windows & Linux don't ship with Safari. End of Story. We should thank Charlie for identifying it and giving Apple the chance to fix it.
Apple needs to (and probably will) take this seriously. The best way to handle it would be with better communication (like Mozilla) when they issue an update. I won't be holding my breath, because Apple has a very arrogant attitude when it comes to communicating about updates.
Of course, I am still curious as to whether or not an Administrator password had to be entered to install software OR if it was as simple as clicking on the link and being owned.
If it was the latter... it is a genuinely NASTY error.
CloseViewName:daemonPosts: 305Joined: 17 May 2007 Fri Mar 28, 2008 6:08 pmSubject:
According to various accounts Charlie Miller used to work for the NSA, so even though the MacBook Air is still the only laptop of the three to fall (it was the first one tested yesterday with the relaxed rules) so far, I'm going to declare BS. Not because it isn't a valid crack, but because we have no idea what kind of privledged information Miller had access to while at the NSA that would have allowed him to develop the crack that took control of the MacBook Air.
CloseViewName:slappyPosts: 1Joined: 28 Mar 2008 Fri Mar 28, 2008 7:58 pmSubject:
I don't think its BS. He developed the hack based on a known flaw. Just like the Windows hackers were basing their attack on known Windows flaw. The results were that the Mac was easily hacked. While Vista could not be hacked the same day. So far its still not hacked yet.
Here is the news of the vista machine falling to the way side!!! linux the only one standing...
so, all you DOS turds...lets here it now!!!
why hack a machine with VISTA on it????? The air is worth so much more? I am SURE if they wanted to, they would have cracked the vista machine. But why? sell it on ebay like he did with the hacked iphone? Praise the all mighty dollar!!!!!
CloseViewName:Intruder- TMO Mac SpecialistPosts: 2837Joined: 07 Jul 2004 Sat Mar 29, 2008 7:13 pmSubject:
Actually, all three systems did fairly well. None were hacked on the first day when it was really a "hack the OS" day. The second day was attacking installed software (not the OS), and a flaw in Safari was found - a good thing, as it will lead to a fix. On the third day, third party apps were attacked and a flaw in Flash was found - a good thing, as it will lead to a fix.
From what I have read, the folks that cracked the Vista machine also had a proposed exploit for the Ubuntu machine but didn't find it worth the remaining time to run the exploit.
While the Windows and Linux fans will tout their "success" over the Mac, NONE of the OS's succumbed to the OS-only attack. Not the Mac. Not Vista. Not Ubuntu.
CloseViewName:Intruder- TMO Mac SpecialistPosts: 2837Joined: 07 Jul 2004 Sun Mar 30, 2008 10:42 pmSubject:
Actually the rules were relaxed (per the rules in the contest) to allow attacks through standard installed software. IE for Windows and FF for Ubuntu would then be valid attack vectors. He was not sitting there with direct hardware access.
Every hack I've seen the last years using Safari have been due to a bug in Safari that allows you to run code if you can convince Safari that the file extension is "Safe". This setting allowing Safari to run "safe" files is I believe still there But has been turned of for years in Firefox and IE.
Correct me if I'm wrong, but I would bet that upcoming patch will fix, yet another way to do this... But It would be better to turn of this Default setting.
...but now you are using good common sense in putting scattered info together and drwawing a logical conclusion. How many people do that? How many people read "...2 minutes to hack into a MacBook Air..." and go home thinking "oh, Apple sucks and I knew it".
I am a proud user of PCs since 1992 and have been conscious about clikcking here and there and opening attachments. I have purchased my first MAC 3 months ago and love it as well.
This was not a hack done over a network but it was a drive-by into a site that had custom code running behind the scenes. Still, no one is saying whether the user had to "allow" any installation which makes a whole lot of difference.
Other World Computing: Performance SATA Drives up to 1.0TB from $54.99 Replace, Upgrade, Add SATA to Mac Pro, PowerMac G5, iMac G5 & even PowerMac G4(with PCI SATA Card) Specials: 400GB from $99; 500GB 7200RPM from $99; 750GB & 1.0TB In Stock now!
NEW MacPro Memory 800Mhz With Apple Spec Heat Sink 2GB Kit $104 / 4GB Kit $184 / 8GB Kit $362 Click to Maximize your Macs...
NEW MacPro Memory 800Mhz With Apple Spec Heat Sink 2GB Kit $104 / 4GB Kit $184 / 8GB Kit $362 Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Apple EDU: Students, Teachers and Staff Save $100 on MacBook Systems 
4GB 3rd Generation iPod Nano: $99 Delivered 
iMac 2.0GHz Intel Core 2 Duo 20-inch Aluminum LCD: $949 Delivered 
iMac Intel Core 2 Duo 2.16GHz White 24-inch: $1199 Delivered 
MacBook 2.1GHz Core 2 Duo: $949 Delivered 
