updated 11:55 am EDT, Fri March 28, 2008
Two-minute MB Air hack
The defenses of MacBook Air were hacked within moments in a recent security expo contest, reports say. During the CanSecWest conference's "PWN 2 OWN" competition, participants were expected to hack into one of three notebooks, and read the contents of a file using only an original zero-day attack. An award of $10,000 plus an Air is said to have gone to Charlie Miller, who broke into the computer within two minutes. This was accomplished by redirecting a web browser to a site with exploit code by Miller.
Under the terms of the competition, Miller cannot talk about the details of his exploit until the contest's sponsor notifies Apple, giving it a chance to rectify the problem. It is believed however that since the rules of the competition dictate relying on pre-installed software, the hack was directed through Apple's Safari software.
The speed of the hack is considered especially impressive given that last year, a break-in for the MacBook Pro required nine hours. At the end of Thursday's competition timeframe, two PC notebooks -- a Sony Vaio and Fujitsu U810 -- had yet to be cracked, according to observers.