It may be the quickest $10,000 Charlie Miller ever earned.
He took the first of three laptop computers — and a $10,000 cash prize — Thursday after breaking into a MacBook Air at the CanSecWest security conference’s PWN 2 OWN hacking contest.
Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed “0day” attack.
Within 2 minutes, he directed the contest’s organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems.
Miller was quickly given a nondisclosure agreement to sign, and he’s not allowed to discuss particulars of his bug until the contest’s sponsor, TippingPoint, can notify the vendor.
Contest rules stated that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple’s Safari browser.