In the category of “weird but interesting and mildly disturbing”, a prominent security researcher has discovered a vulnerability in the batteries of Apple’s MacBook line of portable computers that could allow hackers to ruin the batteries or install malware on them that could corrupt a Mac.
Per Forbes, Charlie Miller, a renowned white-hat hacker who works for security firm Accuvant, plans to reveal and offer a fix next month for a MacBook battery vulnerability he has discovered. Miller uncovered default passwords, which are used to access the microcontroller in Apple’s batteries, within a firmware update from 2009 and used them to gain access to the firmware.
Apple and other laptop makers use embedded chips in their lithium ion laptop batteries to monitor its power level, stop and start charging and regulate heat.
During the course of his tests, the researcher “bricked” seven batteries, rendering them unusable by rewriting the firmware. Of more concern is the possibility that hackers could use the vulnerability to install difficult to remove malware, or, in a worst case scenario, cause the batteries to explode.
“These batteries just aren’t designed with the idea that people will mess with them,” he said. “What I’m showing is that it’s possible to use them to do something really bad.” According to him, few IT administrators would think to check the battery, providing hackers with an opportunity to hide malicious software on a battery that could repeatedly implant itself on a computer.
Miller admitted that he hasn’t tried to blow up any batteries, but he did say it might be possible. “You read stories about batteries in electronic devices that blow up without any interference,” he noted. “If you have all this control, you can probably do it.”
Another researcher, Barnaby Jack, who works for antivirus software maker McAfee, also looked into the battery issue a couple years ago, but said he didn’t get as far as Miller did.
Miller, who is a regular winner of security contests demonstrating Mac, Safari and iPhone exploits, has notified Apple and Texas Instruments of the issue. Despite requests from several other researchers not to proceed, he plans to unveil the vulnerability, along with a fix he calls “Caulkgun,” at the Black Hat security conference next month.
“Caulk Gun” will change a battery’s default passwords to a random string of characters. While the fix will prevent hackers from breaking into the battery, it would also block any future firmware updates from Apple.
Stay tuned for additional details as they become available.