Competing Hackers Discover Method for Hijacking the Touch Bar
When Apple revealed its long-awaited refresh of the MacBook line last year, the Touch Bar was touted as a major selling point. By incorporating the same sensor technology already present in the iPhone, Apple said that a wide variety of new applications were available. From rapid online purchasing to using your fingerprint to unlock your Mac, it attracted plenty of attention. Apple even discussed its efforts to secure the Touch Bar, since protecting user biometric information and payment data is of obvious importance.
However, a recent hack of the Touch Bar through a Safari exploit reveals that even this new hardware could still fall prey to attack. The hack made its appearance during the CanMacWest security conference, which hosts the annual “Pwn2Own” hacking competition. During the competition, hackers worked around the clock to develop new successful attacks against popular systems. If they demonstrated a successful hack, they received a cash prize. With a pool of $1 million available, there is a frantic effort to find and exploit security flaws in Apple computers and more.
It may sound sinister, but this type of event is in fact for the public good. Not all hackers are the bad guys — what the industry calls “black hats.” Instead, their good counterparts, “white hat” hackers, work to uncover flaws and exploits within systems so that companies like Apple can fix them. They play a vital role in stopping attacks from reaching the wild. Two such individuals, Samuel Groß and Niklas Baumstark, used five separate bugs to alter the Touch Bar’s operation. Through exploiting bugs in Safari, they could display a custom message on the Touch Bar.
Other hackers at the conference also devised methods for gaining root access on macOS machines. However, the exact method for these hacks isn’t yet known; the teams hand over all information on what they uncover to Apple confidentially. This way, Apple can quickly identify the problems, develop fixes, and ultimately issue patches to keep users safe.
As events like Pwn2Own continue, will more exploits in Apple’s products appear? In years past, these competitions have proven fertile ground for Safari exploits and other vulnerabilities. Ultimately, we all benefit from these efforts, and it makes us all safer.