
White Hat Hackers ‘Hacked’ Touch Bar in New MacBook Pro

Apple bundled a strip of OLED touchscreen at the top of the keyboard of its new MacBook Pro to increase user productivity. Called the Touch Bar, this new feature has been touted as the next frontier in computing. However, a couple of hackers have just done something with it that neither Apple nor anyone else thought possible: they hacked it well enough to display their names on it.

The two hackers, Samuel Groß and Niklas Baumstark, breached the Touch Bar at the Pwn2Own hacking event at the CanSecWest security conference in Vancouver. They pulled this off by exploiting a few bugs that gave them root access to macOS through its Safari web browser. To show just how good they were, the two displayed the message “pwned by niklasb and saelo” on the MacBook Pro’s Touch Bar.

No need for panic

While this may be alarming to users, there is no reason to worry. In fact, this event is held to bring together ethical hackers (or white hat hackers) who discover security flaws in IoT and computing devices. The manufacturers of these devices then receive details of the flaws so they can fix them before cybercriminals get their hands on them.

In the case of the macOS Touch Bar, the two white hat hackers were awarded $28,000. However, the organisers of the event referred to their hack as ‘partial’, stating: “In a partial win, Samuel Groß and Niklas Baumstark earn some style points by leaving a special message on Mac’s touch bar. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS.”






Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Part-Time Hacker || Child Pornography & Sexual Abuse Combat
