The Touch Bar on the MacBook Pro has been hacked or, in the words of the hacking community itself, "pwned". The Touch Bar, however, was not the only victim of hackers on the first day of the Pwn2Own 2017 hacking event, which was held on March 15. Also falling to ethical hackers were all the major browsers.
Samuel Groß and Niklas Baumstark successfully hacked the 2016 MacBook Pro's Touch Bar to show the phrase "pwned by niklasb & saelo", which earned the duo some style points. According to Tech Radar, the two ethical hackers made use of three logic bugs along with a use-after-free (UAF) and a null pointer dereference to exploit Apple's Safari browser and then grab root access on the MacBook Pro, which runs macOS.
The 10th version of the hacking competition is again being held at the CanSecWest security conference located in Vancouver. The contest involves hackers from all over who are asked to make use of their skills to discover any vulnerability on mobile devices as well as software. While this is a scary thought, the hackers abide by the basic rule of hacking only to find exploits to fix. The white hat hackers are also obliged to fully disclose the techniques they used. This particular rule, which was only instated in 2013 after Google backed out of its sponsorship deal the previous year, requires the pwners to divulge everything they used to hack a device or software. This way, the company that owns the product can make the necessary adjustments to prevent it from being compromised by "unethical" hackers.
The winning hackers receive monetary rewards and bragging rights for their efforts. They also get to keep the device they pwned, hence "Pwn2Own". The Touch Bar hackers went home with $28,000, nine Master of Pwn points, and the MacBook Pro for their "partial win".
Last month, a hacker who goes by the name Stackoverflowin pwned more than 150,000 printers in a move that the hacker claimed was done in "good fun" and to help prevent further hacking. There are some, however, who claimed that the hacker required compensation in the form of bitcoins to undo the hack.
The Pwn2Own 2017 hacking event also saw major browsers fall to the white hat hackers. Google Chrome was discovered to have two vulnerabilities that resulted in code execution. Mozilla Firefox also experienced code execution due to a couple of out-of-bounds read/write bugs. Internet Explorer had three UAF bugs and a kernel bug. Finally, the aforementioned Safari exploits included a sandbox bypass and a heap overflow, aside from the bugs and UAF that resulted in the MacBook Pro's Touch Bar hack.