SECURITY RESEARCHER Charlie Miller has revealed that Apple's Macbook batteries can be hacked to cause fires or used to plant malware.
At the Black Hat security conference next month in Las Vegas, Miller will demonstrate how to hack into and control a battery's microprocessor. He discovered that the fruit themed laptops have default passwords.
Miller, a principal research consultant at Accuvant Labs, told Forbes, "These batteries just aren't designed with the idea that people will mess with them. What I'm showing is that it's possible to use them to do something really bad."
Once the controller for the battery has been compromised it can be manipulated to the point where the battery is dead, that is, "bricked". It seems that it might be possible to cause a fire or explosion by placing malware on the chip, although Miller hasn't pushed things that far yet.
This a potentially attractive place for a criminal hacker to attack a Mac, as the malware will stay present after a complete system wipe. Miller said, ""You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery."
At the Black Hat conference Miller will "reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes."
If you're thinking that this will let a bunch of hackers learn how to easily hack into and ruin every Macbook user's battery and possibly do worse, Miller will also "present a simple API that can be used to read values from the smart battery as well as reprogram the firmware." µ
Attackers could 'easily compromise' an entire company by exploiting AV security flaws
Nobody knows it, but you've got a secret smiley
Plummeting pound forces firm's hand
'Nothing changes in the short term,' says Jim Killock