The bizarre hack could lead to Mac and PC viruses spread via the battery's firmware
A well-known Apple security researcher has revealed he can hack into Mac batteries.
Charlie Miller - known for taking down Macs in the yearly Pwn2Own competition - told Forbes he'll show the Black Hat conference next month how to take over a Mac battery.
Batteries have chips to control power levels, charging and overheating, and those chips have default passwords for protection. If an attacker hacked that password and figured out the firmware - Miller had to reverse-engineer it - he could take over the battery.
That would allow the attacker to brick the battery - Miller bricked seven in his research - or install malware, which could be used to overheat it. While that could possibly lead to fires, the researcher didn't push the hack that far, and other safeguards in the batteries could prevent that scenario.
“These batteries just aren’t designed with the idea that people will mess with them,” Miller told Forbes. “What I’m showing is that it’s possible to use them to do something really bad.”
While that seems a lot of effort to burn a Mac user, the hack could also be used to hide malware. When the machine is wiped clean, the malware infection will stay hidden in place in the battery, ready to re-infect.
“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over,” Miller said. “There would be no way to eradicate or detect it other than removing the battery.”
PCs could be targeted too
While Miller's work only targeted Apple computers - as that's where his research focuses - the hack could also be used on other PCs, noted Sophos security researcher Paul Ducklin.
"So, are Apple laptop batteries the new attack vector?" he asked on the Sophos blog, saying it's no more likely than "any other hardware in your system with field-updatable firmware".
"That includes the motherboard itself, your wireless card, your 3G modem, network card, graphics device, storage devices and much more. Including, of course, the battery pack," he said.
"And - as Apple fans reading this article will be happy to note - the risk is not unique to Apple, though Charlie Miller's paper is," Ducklin added.
Miller has already reported the flaw to Apple and chipmaker Texas Instruments, and will reveal a fix at Black Hat. Apple hasn't returned a request for comment.