MacBooks survive day one in hacker jungle

Summary: Two tricked-out MacBook laptops survived the first day of a 'PWN to OWN' contest that dared hackers to take control of default Mac OS X installations.

TOPICS: Security, Apple, Hardware

VANCOUVER, BC --  Two tricked-out MacBook laptops have survived the first day of a 'PWN to OWN' contest that dared hackers to take control of default Mac OS X installations.

The contest started around midday Thursday, the second day of the CanSecWest conference here, and triggered interest from hackers in attendance, but it was not immediately clear just how many attempts were being made to break into the machines.

Organizers say they have seen "some activity" on the network set up with the two new MacBooks -- a 17" and a 15" -- but details remained scarce when the day ended.  According to a report, TippingPoint's Zero Day Initiative has added a $10,000 bounty for the first hacker who launches a successful attack with a new, yet-to-be-patched vulnerability.

The two laptops have been set up on a special access point and the successful hacker must gain admin level access on the 17" machine to qualify for the prize.  To win, the attacker must commandeer the machine and find a file with instructions on how to SSH to a server to authenticate the hijack.

On the second day, the barrier will be lowered a bit and the attackers will be allowed to put exploit code on a special wiki and launch drive-by exploits on the Mac's built-in Safari browser.  If the machines survive this level, the attacker will be allowed to connect over USB or Bluetooth.

  • TRULY AMAZING !!!!!!!!!!!!!!!!!!!!!

    The MacBook Pro Survives day one at the hackers contest & there was a $ 10,000.00 bounty for the person who could commandeer the machine . I said it before & I will say it again , for Security & Stability the Macintosh CAN NOT BE BEAT .

    "In a world without walls and fence , who needs windows and gates."
    • It can be

      Take a look at OpenBSD, for example.

      However, Mac OS X is certainly well above the crowd in these regards and an excellent system overall. Much more approachable than OpenBSD from a user perspective...

      Also, the security model used by virtually all modern OSes is inherently insecure. Very few systems exist with a superior model; for an example, look at the capabilities-based platforms, such as KeyKOS.
      • Well Mac OS X is based...

        ... on top of BSD; Which I suspect is one of the reasons it's so secure. The idea to base the os on BSD was probably one of the best decisions that Apple/Jobs has made.
        • I agree

          BSD based os have many advantages due to the well designed architecture.
    • I agree,,,, it is amazing

      "the second day of the CanSecWest conference here and triggered interest from hackers in attendance but it was not immediately clear just how many attempts were being made to break into the machines.

      Organizers say they have seen "some activity" on the network set up with the two new MacBooks"
    • 1 day is not really a lot of time to hack it

      I'm really glad to hear Mac is going out on the limb as it's a great way to test its products and give the hackers a challenge that will pay off legally if they succeed. I can't begin to say how much an advantage this would be in Mac ads as it's such a positive method of approaching new consumers. I don't own nor have ever owned a Mac but I have my eyes open and my cheque book nearby in case one of those Leopard OSx machines come down the pike at some point this year.
  • USB and Bluetooth access? Why not really lower the bar?

    So for the inept (or frustrated) Apple basher who can't crack a Macintosh, they have
    to degrade the machine down to USB and Bluetooth access. Why not degrade it to
    the point of leaving the root password on a stickynote by the computer. The difficulty
    of that would match their intellect and wisdom.

    They could still find a way to crow about it and distort the truth. George Ou won't
    report that the Mac wasn't cracked. So at least give them the root password so he
    can report that they did.
    • This is why I give Ryan Naraine 2 thumbs up .

      Ryan Naraine uses an unbiased approach to his reporting . Do you hear that George Ou , you can learn much from this Security Guru . I'm glad ZDNET has removed you from making such reports .
      • boo hoo whats wrong with george ou?

        He has impressed me as a forthright, intelligent writer willing to confront orthodoxy and do some homework and labwork. Now, he probably has an opinion or two, & perhaps some biases. Ipsenol is the only person on the planet without biases or defects :>]
    • Access

      I would draw the line at USB, but allow Bluetooth and Airport. Either one can be available through the walls.
      Nobody expects the Spanish Inquisition!!
    • LOLOL WoW Mac is secure

      LOL in windows anyone with half a brain can hijack a computer through USB or bluetooth!!!!!!!!!!!!! This is retarded. This is basically a PR stunt to show how unsecure MAC is. I think that it is retarded. No OS is made to keep programs already loaded from exploiting just to keep them out in the first place. Even LINUS@!!!
  • This old news

    The event is three days long and ends today on the 20th. So no one's written
    anything about day two which transpired yesterday the 19th.

    There's a big blackout on this news, even at the conference event site. Is this not
    newsworthy enough? Will anyone follow up tomorrow when the event is finished?
    • I can see that you're concerned

      about some kind of 24-hour coverup, but I can't figure out what it is or who you think is going to be perpetrating it.
      Technicolour Squirrel
    • I wish Mac would extend to 30 days

      Putting this offer out is a great idea as it will do a lot for Mac advertising as well as providing help in security issues assuming there was any. The issue I see is, it generally takes a lot of developers to come out with a security fix within 30 days. I think Mac should increase the time to 30 days to allow for a hacker to work at his/her attempts to succeed. If one did succeed, it would be good for all concerned including the OS developers.

    ...that you have to PAY THEM TO TRY?
    Feldwebel Wolfenstool
    • Possibly because of their inability to hack APPLE . <NT>

    • Today's hackers and money

      Hi Feldwebel,
      today's hackers are really far away from the old fair gentlemen that used to be out there years ago. Money talks today. And you need to preserve your identity if you expect to be in the business. If you go to such a competition, you are giving away yourself for 10K$. It's so few money for the real pros.
      The ones to go into are those with nothing to lose: The remaining fair-play guys, and teenagers or students.
      In the other side, security companies could put their people on that. But that is against the business also: You don't bite the hand that brings you the food...
      • Well...

        Not necessarily so. Anonymity is all well and good, but you're forgetting that money indeed does speak. I'd have thought that it would have been a good way to advertize yourself to Apple and other companies (and even the Feds perhaps) that you have a clue and might be worth employing.

        That aside, I wonder what would have happened if they had offered a couple of tricked out Vista PC's as prizes if you could hack them. What do you think? Would they have been left alone or would it have been a race?
        • Everything depends on the prize

          If you get half a million per year (tax free) when you're hired by those potential companies, may be it worth the try.
          If you get a normal job, probably it's not enough.
          About Vista PC'S as target, the animosity against MS can be a trigger for some people, not for real pros.
          • Ok then

            I guess this will be spun 6 ways from Sunday depending on how it pans out. Personally I would have thought the *ahem* elite of No_Ax, LoveRock, Mike Cox (?) and perhaps even Bill "OS X gets hacked every day" Gates would have hopped on the fast plane/train/automobile to Vancouver to prove themselves right. Or maybe that was just a cheap shot on my part.