Hacking in general largely has a negative connotation. Whether it’s shown in a TV show or experienced first hand, hacking is generally illegal and intended to harm the victim and/or benefit the hacker. A convention called the CanSecWest security conference in Vancouver hosted a Pwn2Own hacking event where hackers were encouraged to demonstrate vulnerabilities in software and hardware in exchange for a cash reward. At the event, Samuel Groß and Niklas Baumstark used a number of logic bugs to compromise Apple’s Safari browser and grab root access on a MacBook Pro. The success was topped off by a flashy message on the computer’s touch bar, reading: “pwned by niklasb and saelo”.
This may seem weird. After all, why would manufacturers pay someone to hack them? In reality, these sort of discoveries alert the companies to issues they might have otherwise overlooked and allows them to patch out the issues. The effort was labeled as a “partial success” (don’t ask me why!) and the team received a pretty significant sum of $28,000. Another team at the event obtained root access through a chain of 6 different bugs and netted $35,000.
So called “White Hat” hackers are an interesting phenomenon, using their security knowledge and experience to discover exploits in computers and alert the proper entities before they can be used to harm users. It’s nice that these sort of individuals are being rewarded, and perhaps the financial compensation will encourage more nefarious hackers to turn to the light side. The fact that these hacks focused on the MacBook Pro is important, as Apple has a reputation as a “less hackable” manufacturer. If hacks targeting macOS become more commonplace, Apple computers might no longer be regarded as the safer option.