MacBook Batteries Vulnerable to Hijack, Causing Batteries to Heat Up, Catch Fire or Explode

Do you know you Notebook more than what it look? A potentially dangerous security hole in Apple's range of MacBook battery micro-controllers' firmware could be exploited to destroy the batteries inside the notebooks, according to security researcher Charlie Miller."Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating […]

Do you know you Notebook more than what it look? A potentially dangerous security hole in Apple's range of MacBook battery micro-controllers' firmware could be exploited to destroy the batteries inside the notebooks, according to security researcher Charlie Miller.

"Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating system and the charger to check on the battery's charge and respond accordingly. That embedded chip means the lithium ion batteries can know when to stop charging even when the computer is powered off, and can regulate their own heat for safety purposes.

"When Miller examined those batteries in several Macbooks, Macbook Pros and Macbook Airs, however, he found a disturbing vulnerability. Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with Macbook batteries. The batteries' chips are shipped with default passwords, such that anyone who "discovers that password and learns to control the chips' firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode"."

He says that "You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery. Presumably Apple has never considered that as an attack vector, so it's very possible it's vulnerable."

Miller says he's received messages from several other researchers asking him not proceed with the battery work because it could be too dangerous. But Miller has worked to fix the problems he's exposing.

At Black Hat he plans to release a tool for Apple users called "Caulkgun" that changes their battery firmware's passwords to a random string, preventing the default password attack he used. Miller also sent Apple and Texas Instruments his research to make them aware of the vulnerability. I contacted Apple for comment but haven't yet heard back from the company.

[Via: forbes]