Monday, March 31, 2008

MacBook Air Hacked

The ninth annual CanSecWest 2008 Conference was held last week in Vancouver, British Columbia. CanSecWest focuses on applied digital security, bringing together industry luminaries in a relaxed environment that promotes collaboration and social networking.

A crowd favorite at the conference has been the hacking contest, and last week the tradition continued. This year's target machines were Ubuntu, Vista and OSX based. Here are details on the contest from the CanSecWest website:

Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it.

Each has a file on them and it contains the instructions and how to claim the prize.

Targets (typical road-warrior clients):

  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2

This year's contest will begin on March 26th, and go during the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008.

Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box, simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3com / Tipping Point's Zero Day Initiative, with the top award for remote, pre-auth, vulnerabilities being increased this year. Fine print and details on the cash prizes are available from Tipping Point's DVLabs blog.

Quick Overview:

  • Limit one laptop per contestant.
  • You can't use the same vulnerability to claim more than one box, if it is a cross-platform issue.
  • Thirty minute attack slots given to contestants at each box.
  • Attack slots will be scheduled at the contest start by the methods selected by the judges.
  • Attacks are done via crossover cable. (attacker controls default route)
  • RF attacks are done offsite by special arrangement...
  • No physical access to the machines.
  • Major web browsers (IE, Safari, Konqueror, Firefox), widely used and deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, Skype, Pidgin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, kmail) are all in scope.

Here are the results according to Heise Online:

Of three laptops to be hacked, the MacBook Air with Mac OS X 10.5.2 was the first to fall victim to crack attempts of participants in the PWN to OWN contest at CanSecWest. The laptops with Windows Vista SP1 and Ubuntu 7.10 remain uncompromised. According to information provided by organizers of the TippingPoint competition, Charlie Miller, Jake Honoroff and Mark Daniel of security service provider Independent Security Evaluator were able to take control of the device through a hole in the Safari web browser. The vulnerability has supposedly not yet been made public and is still under wraps until Apple is able to provide a patch. In addition to $10,000 prize money, the winners also get to keep the MacBook as a bonus.

Here's more on the contest from ChannelWeb:

The vulnerability has been purchased by the Zero Day Initiative, and has been made known to Apple, which is now working on the issue, TippingPoint said. "Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability."
