Researchers Hacked A MacBook Pro And Hijacked Its Touch Bar

When they launched their new MacBook Pro last year, Apple revealed one of the biggest design changes ever to their top-of-the-line laptop. They ripped out all the function keys at the top of the keyboard and replaced them with a thin, touch-sensitive display: the Touch Bar.

The Touch Bar lets you interact with Mac apps in ways that weren't possible before. It also presents a unique target for hackers to go after when they set their sights on attacking your MacBook.

At this year's installment of Pwn2Own, a hacking competition that's been taking place since 2007, the duo of Samuel Groß and Niklas Baumstark did exactly that. They attacked Safari on a MacBook Pro to gain deeper access to macOS, and then used that access to hijack the Touch Bar.

They didn't do anything too insidious, as you can see. After gaining control, they scrolled a message across the Touch Bar announcing their triumph.

It's not hard to imagine cybercriminals doing something much nastier if they gained control of a system, though. Malware that can lock away your files is bad enough, but just think about Mac ransomware that could cripple part of the functionality that makes your MacBook Pro unique.

Some reports call the Touch Bar hijack "worryingly easy" to pull off, but that doesn't seem to be the case. Groß and Baumstark had to chain together exploits for five different bugs in order to take control. And this isn't something that they figured out in a few minutes at the contest.

That's a common misconception about Pwn2Own. The attacks that are demonstrated there tend to require a lot of painstaking research, sometimes by large teams. They also rely on zero-day vulnerabilities, which are previously unreported software bugs, and those aren't generally all that easy to find.

Events like Pwn2Own actually make it less likely that someone will be able to replicate Groß and Baumstark's attack. Once the demonstrations are done, vendors like Apple are provided with the information they need to plug the holes and keep your system safe.

Source: Forbes


