Charlie Miller, also known for his iPhone hack, managed to walk away from CanSecWest’s PWN 2 OWN contest with US$10,000 and a MacBook Air after successfully hacking into the portable computer. Mr. Miller was able to successfully hack the laptop after the rules of the contest were relaxed to allow for more than remote attacks, according to InfoWorld.
On the first day of the event, contestants unsuccessfully attempted to remotely hack into the Mac, a Windows PC, and a Linux PC. On the second day, however, Mr. Miller was able to gain control over the MacBook Air in only two minutes by directing a contest organizer to visit a specially crafted Web site with the laptop.
The Web site contained code that Mr. Miller developed specifically to hack into the Mac.
Exactly what the code did to the MacBook Air is a secret, and will remain that way until after the contest organizers can notify Apple of the exploit thanks to the nondisclosure agreement Mr. Miller was required to sign.
Since the relaxed contest rules on the second day prohibited attackers from using applications that weren’t part of the standard OS installation, Mr. Miller likely took advantage of an undisclosed flaw in the Safari Web browser. Once Apple has been notified of the potential security flaw the company will likely issue an update that patches the threat.