MacBook Air falls in two minutes at PWN 2 OWN

MacBook Air falls in two minutes at PWN 2 OWN

Summary: The MacBook Air fell in two minutes at the CanSecWest security conference's PWN 2 OWN.According to Infoworld, Charlie Miller won the $10,000 prize.

SHARE:
183

The MacBook Air fell in two minutes at the CanSecWest security conference's PWN 2 OWN. According to Infoworld, Charlie Miller won the $10,000 prpwn2own.jpgize. Under the contest rules, organizers offered Sony Vaio, Fujitsu U810, and the MacBook as prizes. On day 1 no one won because they couldn't hack into the laptops with a zero day attack. The MacBook runs OS X 10.5.2. The Vaio runs on Ubuntu 7.10 and the Fujitsu runs on Vista Ultimate. Those two laptops are still standing, but that may be because there's more hacker glory in taking down the MacBook Air.

On Day 2, the rules are relaxed. Two minutes later Miller had his prize. Miller is the researcher behind the first iPhone hack.

Chatter on Twitter indicates that Miller's winning hack was a browser exploit. However, the Zero Day Initiative owns the code so details were sparse.

Ryan Naraine reports:

The Zero Day Initiative has confirmed the winner. In a post, ZDI said:

At 12:38pm local time, the team of Charlie Miller, Jake Honoroff, and Mark Daniel from Independent Security Evaluators have successfully compromised the Apple MacBook Air, winning the laptop and $10,000 from TippingPoint's Zero Day Initiative.  They were able to exploit a brand new 0day vulnerability in Apple's Safari web browser.  Coincidentally, Apple has just started to ship Safari to some Windows machines, with its iTunes update service. The vulnerability has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Apple who is now working on the issue.  Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability.

Topics: Laptops, Apple, Hardware, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

183 comments
Log in or register to join the discussion
  • the details

    here is more info:

    http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-picture
    mail123list
    • Questions

      OK. I'm not a security expert, so this hacking thing leaves me with lots of questions (even after reading "the details").

      What does it mean that nothing happened until the rules were "relaxed"? Does it mean that there had to be user interaction (like doing something dumb) or did the user have to access a particular web site for the problem to occur? Could this hack cause bad things to propagate from machine to machine without user interaction? Would it allow information on the affected machine to be compromised?

      There are hacks and then there are hacks. I realize the winners can't release details, but it seems that the possible consequences of the hack could be made public. If all it could do is cause some silly little message to be put on the screen--like some Mac "hacks" have done--what's the big deal? If there's more to it than that, I think it's important for the general public to know about the consequences that could occur

      If anyone knows if this info might be available, I'd like a link, please. Merci.
      Userama
  • RE: MacBook Air falls in two minutes at PWN 2 OWN

    That's a little sad since Mac's claim to fame is a low vulnerability to such things. Pretty soon they'll have to play ball with antivirus software like MS. It should be interesting to see them compete at that level. Nobody ever stops to realize that Macs are only care free when they're less popular. The trend seems to be catching however, and so are viruses.
    IX
    • Oh the agony

      This was a browser exploit. They need to fix the mystery hole
      in Safari. It doesn't sound like a virus. Details are sparse,
      however.

      I don't think the news is sad at all. I'm disappointed, but I
      understand that humans write software. Humans are not
      perfect, therefore, software written by humans is not perfect
      and will have potential vulnerabilities. But you knew that. I
      hope.

      I still don't buy the Mac security through obscurity idea.
      Criminals are criminals. They take the easy and sure route
      virtually every time to steal what they want. They are not
      professional software developers who care about reaching the
      widest platform market, as some people erroneously think.
      They have no scruples and prey on the weak.

      IMO, the people who seem to think Macs are perfect are those
      who don't own a Mac. And it gets so tiring hearing that same
      line all of the time. We do live in the real world, after all.
      Chiatzu
      • security through obscurity

        It's very simple, If I write a string of code to sieze control of some computers. Which is more valuable. 3 weeks of research to seize 300 computers or the same 3 weeks to seize 10000. Up until a few years ago, that was the formula based on a 3% market share. While this statement is semi-true ("They are not
        professional software developers who care about reaching the widest platform market") it is misleading. it could be rewritten as "They are SKILLED AMATURE software developers who care about CONTROLLING the widest platform market. As you said "Criminals are criminals. They take the easy and sure route virtually every time to steal what they want." 10000 chances vs 300 chances. You do the math.
        Scubajrr
        • Your valuable time formula revisited.

          [b]Scubajrr:[/b] [i]Which is more valuable. 3 weeks of research to seize 300 computers or the same 3 weeks to seize 10000?[/i]

          You&rqsuo;re assuming that it takes equal R&D time to figure out how to hack both.

          In the past, it was more like 3 weeks to sieze 10,000 vs. 2 <i>months</I> to sieze 300. Why? Because before one could even understand the dissassembly of the Mac OS X system code, one first needed to know how to program a PowerPC chip at the machine language level. Few hackers knew how to do that already. Most concentrated on the far more popular x86 (Intel/AMD).

          This was an extra level of security through obscurity, and now it&rsquo;s gone because Apple switched to the x86 chip. I understand the very valid business, efficiency, and performance reasons for doing so (especially once Intel finally gave up on the hideously flawed Pentium 4 architecture and went to the Core chips which were based on Pentium M which in turn was based on the older but much more efficient Pentium 3 &mdash; I seem to recall that the first Intel Macs were the very first Core-powered computers on the open market), but there was a downside, and now we&rsdquo;re seeing it.

          Apple has lost a major reason for its seeming invulnerability to malware, and they can never get that back. Even if they switch to some new obscure processor in the future, now lots of x86 hackers have an understanding of the inner workings of the Mac OS X, so learning the new machine language is all that&rsquo;s needed.
          Joel R
      • Don't be disappointed

        The reason the MacBook Air went first is because all the
        hackers wanted the machine, not because OS X was an easier
        target.

        I don't think anyone has even tried to hack the other two
        laptops; there's no lust factor in the hardware or OS.
        frgough
        • Please...

          frgough:

          Spare us the usual apologies. It's common knowledge that Apple issues software that has more holes than a giant block of Swiss cheese. QuickTime. iTunes. And yes, Safari.

          It would make no difference if the Mac being pwned was a MacMini, iMac, MacBook, MacBook Pro, MacBook Air, or PowerMac--they all come with Safari pre-loaded. It's not the OS, it's not the hardware, it's the software that's being exploited.
          M.R. Kennedy
      • well

        Vista hasn't had any exploits that I know of other than for IE7, Windows Mail, and for other non-OS sources. At least on Windows these don't come natively installed.

        I'm going to say this for the umpteenth time: The people making viruses are typically not criminals. The users who make worms for identity theft are criminals. Many virus makers don't even intend their virus to be used. It's usually a proof of concept that gets loose. Wikipedia it. Most of them, therefore, are professional coders. They are working on the system they are MOST familiar with, which is, by default, Windows. A recent study showed that of current operating systems (since 2000), Vista had the least exploits (and the most code), Xp was 2nd least, followed by OS X, and then several linux distributions. Obviously, people target windows. If I'm trying to steal people's information, and 90% of users are on Windows, Why On Earth would I write a virus to attack Mac's 6%? Oh yay! I got all 6 mac users who clicked on my virus! Vs the 90 I would get for Windows. Really now. The money to be made is for Windows, because you have more people using it, as well as it is cheaper. If people spend less on something, they are less likely to spend money securing it, so they are more open. There are just too many factors showing that mac does in fact work by Security Through Obscurity.
        evilkillerwhale@...
    • A Virus is not the same a hack to PWN

      Only stupid mac users claim that a mac is not vulnerable to hacks and
      viruses.
      If it is a computer it runs code so it can be hit by a virus and it more
      then likely has security flaws that can be hacked.

      What SMART Mac Users claim is that 90% of viruses and hacks are
      directed at Win32 operating systems. Which leaves the Mac unaffected
      by the specific Win32 viruses that makeup that 90%.

      So can a Mac be hacked? of course it can? Is it safer from viruses then
      a windows computer? Well at this time yes because the majority of
      viruses are still written for windows computers and even if Apples
      market share does grow among individual users the target will still be
      the enterprise systems and I do not see Microsoft loosing that market
      anytime soon. So I won't be smug and say macs can't get a virus they
      can
      but I can say with full confidence that they are unaffected by Win32
      viruses. And that means when the latest windows virus is going
      around you can rest easy knowing at least that particular virus will not
      effect your Mac. That does not mean you put your head in the sand
      and feel a Mac is safe from any attack that is stupid.
      Michael Fournier
  • a little misleading...

    it falls in two minutes.. the second ay because it wasn't able to be hacked the first day... not exactly falling in 2 minutes.

    It was also after rule were relaxed, and they couldn't hack it
    until they made the Mac go to a certain website he had set
    up... boring...

    Maybe all it proves is he wanted the Mac really bad?
    doh123
    • Not really misleading...

      Those were the contest rules. New attack types were allowed as the days went by. I believe the first day only allowed network attacks and there aren't many holes to exploit over the network at the moment. Most breaches today come from users accessing something the shouldn't either through carelessness or trickery. This is probably what most contestants were aiming for.

      So from the time the guy was allowed to touch the laptop and point the browser somewhere and ATTEMPT an exploit it took 2 minutes.
      storm14k
      • But he setting up the website took him more than two minutes.

        You seem to ingnore, that he had already setup a website
        with the exploit. So it took him more than two minutes.
        sigma2
        • enough with the excuses

          the Mac fan base need to accept that the Air was equipped with out of the box software 'Safari' (the same thing Apple are trying to push onto Windows users) and out of the box it was compromised - enough said- it was vulnerable.

          Is it hilarious that it was the unbeatable Mac OSX ? - you bet :-)
          Paul Fletcher
        • ...

          I click file upload. I click the file I want, and it uploads. 10 seconds used. I call the place, tell them I've done it, and tell them where to go. 1 minute and 35 seconds taken. They type in the name and let it load, the exploit wins, and the last 15 seconds are used.

          More often than not, a virus is written a long time before it's released. He might not have even written it.
          evilkillerwhale@...
      • no...

        no that part isn't misleading, i just meant a title trying to make it seem someone sit down and found a new vulnerability and took advantage of it all in two minutes... which didn't happen. It took 2 minutes to actually hack the Mac, not including any preparation before hand.

        But its no surprise that Safari sucks...
        doh123
    • Re: a little misleading...

      Boring? Hehe... a typical fanboi running out of words to say!
      silent.griffin
    • No matter how you spin this

      [i]Maybe all it proves is he wanted the Mac really bad?[/i]

      Maybe, but it also proves that Vista is better. :)

      [i]they couldn't hack it until they made the Mac go to a certain website he had set up... boring...[/i]

      You realize that you also have to admit they couldn't hack the Vista machine with [b]either[/b] set of rules.

      Mac fans have been blathering on for years that it was impossible to run Windows safely yet here is a default Windows machine, unhacked for two days while the OS X machine sits there doing its new hacker owner's bidding. This is actually less about how quickly OS X fell and more about how well Vista performed. It completely shatters all the arguments from any Mac fan who ever even once said that you couldn't run Windows safely. They were wrong, end of story.
      NonZealot
      • Have yet too see you post on a MS or Linux discussion?

        How does that work for a NonZealot anyway?

        Pagan jim
        James Quinn
        • Where's OLE MAN?

          Anybody notice
          he and his
          hard carriage
          returns are
          conveniently
          missing
          from
          this
          post?
          scottz29