Apple laptop batteries can be hacked to infect the laptop with malware, or possibly even rigged to explode, a well-known security researcher has found.
All modern laptop batteries have logic chips inside them that communicate with the computer they’re powering. That’s how you’re able to see how much charge is remaining. The chips also carry out regulatory tasks, such as shutting down the charging process when a battery’s at risk of overcharging.
But any logic chip has operating software — “firmware” — and that software can usually be remotely updated.
Charlie Miller, who’s famous for winning the annual Pwn2Own contest four times with his Mac OS X and iOS exploits, discovered that Apple puts the same password on all its laptop batteries in order to efficiently send out battery firmware updates.
Unfortunately, a skilled malicious hacker armed with the password could alter the firmware, Miller says. Altered firmware could be used to store malware or tweaked to damage the computer.
“These batteries just aren’t designed with the idea that people will mess with them,” Miller told Forbes tech blogger Andy Greenberg. “What I’m showing is that it’s possible to use them to do something really bad.”
Miller will be presenting his finding at next week’s Black Hat security conference in Las Vegas. He has already notified Apple of the vulnerability, and is not revealing the password.
Digging into source code
Miller, who formerly was with the National Security Agency and currently works for Denver security firm Accuvant Labs, was intrigued by a 2009 firmware update that Apple had sent out to fix a problem with MacBook batteries. Read more…