
Mac is the first to fall in Pwn2Own hack contest

by Parm Mann on 28 March 2008, 09:21

Tags: Apple (NASDAQ:AAPL)


The Register

Dan Goodin of The Register reports:

Charlie Miller, who was the first security researcher to remotely exploit the iPhone, felled the Mac by tapping a security bug in Safari. The exploit involved getting an end user to click on a link, which opened up a port that he was then able to telnet into. Once connected, he was able to remotely run code of his choosing. The feat won him a $10,000 prize paid by Tipping Point, whose Zero Day Initiative pays bounties to researchers for responsibly disclosing vulnerabilities.

The hack came during the Pwn2Own contest, which is being held at the CanSecWest conference in Vancouver. The competition took place in a conference room overlooking the city's Burrard Inlet, a harbor where pontoon planes took off and disappeared into black rain clouds shrouding nearby Grouse Mountain. A small round of applause broke out immediately after contest officials confirmed Miller's exploit was legit.

At time of writing, the Windows and Linux machines were still standing.

Under contest rules, Miller was forbidden from providing specifics of his hack. He said he chose Apple over the other machines because "I thought of the three it was the easiest". He said he didn't test the exploit on any other platform. As a Mac user, he added, he felt an incentive to exploit the system because he believes it will help make the platform stronger. Miller, who works for Independent Security Evaluators, received help from co-workers Jake Honoroff and Mark Daniel.

Miller's win came on day two of the contest, which gradually eases the rules for what constitutes a qualifying exploit. Not a single attendee entered the contest on day one, when all vulnerabilities had to reside in the machine's operating system, drivers or network stack. Winners were eligible for a $20,000 prize.

On day two, the attack surface was expanded to include browsers, mail applications and other common applications, and the bounty was reduced to $10,000. Contestants on day three will be allowed to attack still more applications, such as Skype, QuickTime and browser plugins for a $5,000 prize.

The Safari exploit came a day after Secunia warned of two critical vulnerabilities in the Apple browser.

As we've said in the past, one benefit of the Pwn2Own contest is its ability to eliminate economic variables from the argument over whether a given platform is vulnerable to attack. Given the proper incentive, it's safe to say that any is ripe for the picking.



HEXUS Forums :: 22 Comments

What's that strange cracking noise?

I think it's the sound of backlash ;)
I hear the distant roar of approaching excuses.
I feel a giggle coming on…. ;)
Interesting.
Miller's win came on day two of the contest, which gradually eases the rules for what constitutes a qualifying exploit. Not a single attendee entered the contest on day one, when all vulnerabilities had to reside in the machine's operating system, drivers or network stack. Winners were eligible for a $20,000 prize.

On day two, the attack surface was expanded to include browsers, mail applications and other common applications, and the bounty was reduced to $10,000. Contestants on day three will be allowed to attack still more applications, such as Skype, QuickTime and browser plugins for a $5,000 prize.
No one tried to attack any of the core OS parts on any of the OS's
A couple of points, 2 minutes isn't really the issue, because this obviously had taken some crafting beforehand.

What is serious is what the hell is a browser doing running as a super user, or in a way that it can jail break to become. I can't help but feel that little has been done to prevent it.

Yes it will always be possible to find a hole in any OS odds are, as all it takes is ONE bug in MILLIONS of lines of code.

But here is where the big but comes. As a kernel NT has always been well designed from a security point of view, then with the wake up call of mostly harmless things like Blaster and the more playfully malicious exploits for SQL Server and Back Orifice etc. as well as the IIS exploits of old. This really was a wake up call for most people (those who remember Linux back in the 2000 era days won't begin to say it was secure, root hat anyone!).

But this is why I dislike Apple, they've made no efforts to recognise that people will do this sort of thing, their market share is a bizarre mix of people who normally don't seem to use much rational logic in their choice of system, as such they've no need to worry about security. As Apple don't try to make anything that's remotely enterprise, they've got no one demanding security. Whilst they have the audacity to run ads that suggest they have no viruses (anyone who says their OS doesn't have a virus, deserves someone to write one then and there to shut them up).

But in all honesty Apple lost because so few people spend time looking for bugs in their code normally, that when someone does on an equal market share platform, people will find them. If this was to be remotely realistic, the price for Vista should have been well into the 7 digits, maybe scraping 6 for Ubuntu and perhaps 50p for OSX. Then you'd find the Vista box would probably have fallen just as quickly.