There was a competition at the CanSecWest security conference to see who could hack/control/Pwn any of the three laptops (VAIO VGN-TZ37CN running Ubuntu 7.10; Fujitsu U810 running Vista Ultimate SP1; MacBook Air running OSX 10.5.2) available. The prize for the first successful hack was the laptop and a cash prize that reduced the more access given to the machine.
The competiton, organised under the Zero Day Initiative (ZDI), founded by TippingPoint, was to read the contents of a designated file on the laptop. The level of access to the machine increased as the three day event ran.
The first day, where the only access was via a cross-over cable with no user interaction, drew a blank from the intrepid hackers, so the $20,000 cash prize went unclaimed.
Day two expanded the access to the machine to include any default installed client-side applications, exposing weaknesses which could be exploited by following a link through email, vendor supplied IM client or visiting a malicious website.
The MacBook Air fell to the team of Charlie Miller (he of iPhone hacking fame), Jake Honoroff, and Mark Daniel in two minutes of attack, through a weakness in Apple’s Web browser, Safari, which was used to connect to a Web site with malicious code on it.
The team picked up the Air and $10,000 prize money.
By the end of the day, neither of the other two machines had been compromised.
The comp is also running today to see if either of the two machines fall, which you can follow on the DVLabs blog
In line with the rules of the competition, once the exploit had been discovered, it was only revealed once the maker of the vulnerablecode had been alerted – enabling them to create a fix.
We expect there was coding a frantic at Apple last night.
image courtesy of dvlabs
One Response to “PWN To OWN: MacBook Air Hacked In 2 Minutes”