Touch Bar in New MacBook Pro ‘Hacked’ by White Hat Hackers

Apple’s idea for bundling in a strip of OLED touchscreen at the top of the keyboard for its new MacBook Pro with Touch Bar was to increase user productivity. Called the Touch Bar, this cool new feature has been touted as the next frontier in computing. However, a couple of hackers have just done something with it that Apple or any other party never thought could be possible. The two hackers were able to hack it well enough to display their name on it.

The two hackers, Samuel Groß and Niklas Baumstark, were able to breach the Touch Bar at the hacking event titled Pwn2Own at the CanSecWest security conference in Vancouver. They managed to pull this off by harnessing the capabilities of a few bugs that allowed them to root access of the macOS through its Safari web browser. To show just how good they were, the two displayed a message “pwned by niklasb and saelo” on the MacBook Pro’s Touch Bar.

Gif shared by hackers show Mac OS Touch Bar was hacked

No need for panic

While this may be alarming to users, there is no reason to worry. In fact, this event is held to bring together ethical hackers (or white hat hackers) who discover security flaws in IoT and computing devices. The manufacturers of these devices then get details about these flaws to fix them before cybercriminals get their hand on them.

In the case of Mac OS touch bar, the two white hat hackers were awarded $28,000. However, the organizers of the event referred to their hack as ‘partial’ and stated that “In a partial win, Samuel Groß and Niklas Baumstark earn some style points by leaving a special message on Mac’s touch bar. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS.”

Chaitin Security Research Lab also harnessed the same method of exploiting Safari web browser and gaining root access to the macOS. For that, they took home $35,000. Pwn2Own has turned out to be a pretty influential event since the participants have reported critical security flaws in high-profile products including Linux Ubuntu, Adobe Reader, Adobe Flash, and Windows OS.

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Related Posts