Printed from http://www.electronista.com

Security hack can 'kill' MacBook battery firmware

updated 02:15 pm EDT, Fri July 22, 2011

White hat hacker to show MacBook battery risk

Accuvant security researcher Charlie Miller on Friday revealed plans to demonstrate an exploit that would compromise the batteries, not the computers, on MacBooks. Apple's batteries reportedly use default passwords on their firmware and can have their controllers compromised by those who know the passwords and can get access to the low level hardware. The hole shown to Forbes could lead to something as simple as rendering the battery inoperable to auto-installing malware and even forced overheating.

Miller has so far wrecked seven batteries with the hack, though none to the point where they suffer physical damage. Batteries have a fuse that will automatically cut if they overheat in normal conditions.

The passwords were found by dissecting one of Apple's 2009 battery updates and getting code keys that let him look at the firmware.

The actual risks are difficult to determine. To get access to the battery, a malware developer would need to first breach the OS itself. While not necessarily difficult, it would add an additional layer. It's also possible many Windows PCs face the same vulnerability and haven't had it exposed.

As a 'white hat' hacker, Miller plans to release his own intermediary fix, Caulkgun, that would randomize the password. Apple and the battery controller chip maker, TI, have also been notified about the update. More details are expected at the Black Hat security event in August.

Miller is known for his Mac-focused exploit discovery but has usually focused on Safari and other purely software-based investigations. He has sometimes won the Pwn2Own hacking contest, where the user first to successfully hack a platform wins the device they hacked.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. The Vicar

    Junior Member

    Joined: Jul 2009

    +3

    Geez, Apple

    On the one hand, I refuse to get concerned about this until I see what is actually required to use this hack to damage the battery. If it turns out that you need to do some sort of Voodoo multi-step procedure involving user interaction, then this is -- as these security complaints so often are -- just nonsense.

    On the other hand, this isn't the first time Apple has allowed a security hole in their products by failing to properly protect firmware of things other than the computer itself. Remember the flaw with keyboards?

  1. Monty Python

    Fresh-Faced Recruit

    Joined: Jan 2011

    -1

    Go suck on a beet, Charlie

    Let me guess, next Mr. Miller will report having found malware that severs the power cords on Macs.

    Sheesh, what a goober!

  1. BigMac2

    Forum Regular

    Joined: Dec 2000

    +3

    How to scares people about nothing

    You know, you can do the same with any optical drive and HD firmware and no one care.

  1. murdoch201

    Fresh-Faced Recruit

    Joined: Jul 2011

    -1

    lol

    hahaha, love it how that Apple fanboy writer wishes that PC's had the same.
    Too bad for him, if the antivirus has no acces, neither Windows will have acces.
    That's why Mac's are so funny, they are leak like h***.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

ActvContent Sync Smartband

Smartbands of all sorts are hitting the market. Some build on the buzz around fitness trackers, while others offer simpler features fo ...

RocketStor 6324L Thunderbolt 2 eSATA bridge

Like it or not, the shift to Thunderbolt is underway. The connection is extremely flexible, allowing for video and data to co-habitate ...

Patriot Stellar Boost XT 64GB USB 3.0 drive

A vast selection of USB memory sticks means that consumers can often find exactly the size drive they need in a configuration that can ...

Sponsor

toggle

Most Commented

 
toggle

Popular News