Skip to content
April 02, 2008

MacBook Air cracked in 2 minutes at PWN to OWN Contest

The “Pwn to Own” Hacking Contest held last week was a security battle amongst 3 major operating systems – MacOS X Leopard, Windows Vista, and Ubuntu Linux. The 3-day hacking contest gives away $20,000 in cash and prizes to the first contestant to hack any of the 3 systems.

The goal is to hack a laptop via the operating system. First one to hack any of the laptops gets to bring it home:

  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2

The main purpose of this contest is to responsibly unearth new vulnerabilities within these systems so that the affected vendor(s) can address them.

To claim a laptop as your own, you will need to read the contents of a designated file on each system through exploitation of a 0day code execution vulnerability (ie: no directory traversal style bugs). Each laptop will only have a direct wired connection (exposed through a crossover cable) and only one person may attack each system at a time so that each team’s exploit remains private.

On the first day of the competition, all 3 laptops were unscathed. On the second day, the very first rig to be hack was surprisingly the MacBook Air (pwned in 2 minutes) via an undisclosed Safari browser vulnerability. That On the last day, the Windows Vista machine was also cracked. At the end of the 3 day competition, only the Ubuntu box remained untouched.

All newly discovered vulnerabilities were reported to Apple and Microsoft respectively. More details about the competition on the Tipping Point blog.

Apple releases MacBook Air
Lenovo X300 vs. Macbook Air
Apple introduces 11.6" Macbook Air

15 Responses to “MacBook Air cracked in 2 minutes at PWN to OWN Contest”

  1. No wonder why it is called macbook air.

  2. spidamang says:

    and as usual, the web is in a furor from all these OS fanboys defending their favorite OS. ;)

  3. Steady says:

    Wow, it’s kinda surprising to see a free OS being the most secure one.:)

  4. BrianB says:

    OS X is the easiest to hack, everyone knows that. Linux is every IT technician’s nightmare. Lose your password and you’re dead.

    • Daison says:

      well, ubuntu was the one who charlie miller’s 1st day to exploit, but no luck, because it’s secured and stable than other OS, ubuntu is now passing the OS today, like Android Linux OS.

  5. Dark Knight says:

    Hi Abe. Vista was compromised on the third day (not the 2nd like you reported) upon installation of an Adobe product. :)

  6. Jeffrey says:

    Surprisingly, the fanboys did not troop this site to defend their beloved Apple/Mac unlike when Abe talked about the prices of Apple a few months ago.

  7. whoa.. the free OS is super duper secured :P

  8. or maybe the hackers are fanboys of ubuntu so they didn’t try hard to crack the OS. :P

  9. Anton
    Twitter: antonsheker
    says:

    @ jeffry

    nothing to defend.. safari is really a buggy browser most people i know use firefox

  10. spidamang says:

    Or they really wanted to own the Mac. ;)

  11. koolitz says:

    i guess…safari sucks..not the OS

  12. moshfetron333 says:

    the advantage of OSS is that the code was reviewed by many programmers and detected instantly unlike those corporate softs owned codes was reviewed by little and limited. and the worst sinister thing that may happen to apple/microsoft is that when one of their programmer puts a loophole within their codes and left unnoticed by other programmers. ‘conspiracy may happen’

  13. It seems like the Ubuntu was ignored by the contest participants…

    Linux ignored, not immune, says hacker contest sponsor

  14. marian says:

    wow, GO UBUNTU!

Leave a Reply

*
*