Security researcher Charlie Miller is quite well known for his works on Apple products. Today he has come up with a very interesting way to hack the MacBook using the battery.

Laptop battery contains its own monitoring circuit which reports the status of the battery to the OS. It also ensure that the battery does not overcharge even when the laptop is turned off.

Miller has discovered that on the MacBooks, the batteries are shipped with the default password set on the chips. It means that if someone knows the default password, the firmware of the battery can be controlled to do many things from simply ruining the battery to installing a malware which reinstalls whenever the OS boots. Miller said that it might even be possible to overload the battery so that it catches fire.

This is what Miller said:

These batteries just aren’t designed with the idea that people will mess with them. What I’m showing is that it’s possible to use them to do something really bad. You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.

By analyzing software updates that Apple released in 2009 to fix problems with the MacBook batteries, Miller said that he has been able to obtain two passwords used for the chip on the battery. Using that password, Miller said that he has been able to do almost anything from giving false readings to the charger and the OS to ruin the device, to completely rewriting the firmware.

This is a very real threat but such an attack is not likely to occur anytime soon. To successfully carry out the attack, the attacker has to analyze the 2009 software updates from Apple for the password, like Miller has done. If he is able to retrieve the password, he will have to find a vulnerability in the interface between the OS and the firmware. Miller believes that this will not be a difficult job as Apple probably never expected such kind of attack.

Miller will present his findings at the BlackHat security conference next month. At the conference, he also plans to release a tool which will change the password of the battery to a random string.

[source: Forbes]

[image credit]