Researcher: Macs prone to hacking via battery

Are the batteries in Apple Inc.'s laptops too smart for their own good? Security researcher Charlie Miller has found a potential security weakness that might allow a hacker to take control of a MacBook – or even have it blow up. "These batteries just aren’t designed with the idea that people will mess with them. What I’m showing is that it’s possible to use them to do something really bad," Miller said, according to a blog post on Forbes. Miller is currently a researcher with the consultancy Accuvant, Forbes said. Laptop batteries contain a micro-controller that monitors the power level and lets the laptop's operating system and charger respond appropriately. Such micro-controllers can even regulate the heat they generate. But Miller said that when he examined batteries in several Macbooks, Macbook Pros and Macbook Airs, he found the batteries’ chips are shipped with default passwords. Potentially, he said anyone who discovers that password and learns to control the chips’ firmware can use the batteries to hack into the MacBooks. Miller said he plans to expose and provide a fix for a potential attack using the microchips that control their batteries, at a Black Hat security conference in August. That includes "permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode," Forbes said. He also said he plans to release a tool for Apple users, “Caulkgun," that changes the battery firmware’s passwords to a random string. Miller also sent Apple and Texas Instruments his research to inform them of the vulnerability, although he has yet to get a reply from Apple. “No one has ever thought of this as a security boundary," says Miller. “It’s hard to know for sure everything someone could do with this." Potential for crime Forbes quoted Miller as saying one can install persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash. “You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would re-attack and screw you over. There would be no way to eradicate or detect it other than removing the battery," he said. He said few IT administrators would think to check a battery’s firmware for the source of that infection. Worse, the chip could re-infect the computer again and again if it is not discovered. Blowing up battery Forbes said the disturbing prospect of a hacker remotely blowing up a battery on command may be possible. Miller said that while the batteries he examined have safeguards against explosions, having a battery blow up on command might still be possible. “You read stories about batteries in electronic devices that blow up without any interference. If you have all this control, you can probably do it," he said. Miller discovered two passwords in accessing and altering Apple batteries by analyzing a software update Apple instituted in 2009 to address a problem with Macbook batteries. He reverse-engineered the firmware and found how to rewrite the firmware to do whatever he wanted. — LBG, GMA News