Researcher bricks Mac batteries with new hack

Researcher bricks Mac batteries with new hack

The bizarre hack could lead to Mac and PC viruses spread via the battery's firmware

A well-known Apple security researcher has revealed he can hack into Mac batteries.

Charlie Miller - known for taking down Macs in the yearly Pwn2Own competition - told Forbes he'll show the Black Hat conference next month how to take over a Mac battery.

 

Batteries have chips to control power levels, charging and overheating, and those chips have default passwords for protection. If an attacker hacked that password, and figured out the firmware - Miller had to reverse engineer it - he could take over the battery.

That would allow the attacker to brick the battery - Miller bricked seven in his research - or install malware, which could be used to overheat it. While that could possibly lead to fires, the researcher didn't push the hack that far, and other safeguards in the batteries could prevent that scenario.

“These batteries just aren’t designed with the idea that people will mess with them,” Miller told Forbes. “What I’m showing is that it’s possible to use them to do something really bad.”

While that seems a lot of effort to burn a Mac user, the hack could also be used to hide malware. When the machine is wiped clean, the malware infection will stay hidden in place in the battery, ready to re-infect.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over," Miller said. "There would be no way to eradicate or detect it other than removing the battery.”

PCs could be targeted too

While Miller's work only targeted Apple computers - as that's where his research focuses - the hack could also be used on other PCs, noted Sophos security researcher Paul Ducklin.

"So, are Apple laptop batteries the new attack vector?" he asked on the Sophos blog, saying it's no more likely than "any other hardware in your system with field-updatable firmware".

"That includes the motherboard itself, your wireless card, your 3G modem, network card, graphics device, storage devices and much more. Including, of course, the battery pack," he said.

"And - as Apple fans reading this article will be happy to note - the risk is not unique to Apple, though Charlie Miller's paper is," Ducklin added.

Miller has already reported the flaw to Apple and chipmaker Texas Instruments, and will reveal a fix at Black Hat. Apple hasn't returned request for comment.

This article originally appeared at pcpro.co.uk

Source: Copyright © PC Pro, Dennis Publishing

See more about:  researcher  |  mac  |  battery  |  hack  |  mobilecomputing
 
 

Readers of this article also read...

Compulab reveals $100 ARM PC running Ubuntu or Android 

Compulab reveals $100 ARM PC running Ubuntu or Android

 
Unboxed: Apple's latest 27in iMac 

Unboxed: Apple's latest 27in iMac

 
Aliens: Colonial Marines screenshots 

Aliens: Colonial Marines screenshots

 
Unboxed: Thermaltake Soprano  

Unboxed: Thermaltake Soprano

 
In Pictures: PowerColor DEVIL13 HD7990 6GB GDDR5 

In Pictures: PowerColor DEVIL13 HD7990 6GB GDDR5

 

Latest Comments

Latest Competitions

Win! A Silicon Power Gift Pack! 

Win! A Silicon Power Gift Pack!

Complete with 8GB flash drive and 1TB portable hard drive!
 

Latest Poll

What PC component are you planning to upgrade in the next six months










Ads by Google

From our Partners

PC & Tech Authority Downloads