Sunday, March 17, 2013

Apple Laptop Batteries Can Be Hacked

Apple Laptop Batteries Can Be Hacked

Welcome to a laptop battery specialist of the Apple Laptop Battery

Apple laptop batteries can be hacked to infect the laptop with malware, or possibly even rigged to explode, a well-known security researcher has found.

All modern laptop batteries such as Apple A1012 Battery, Apple M8511 Battery, Apple M8244 Battery, Apple A1079 Battery, Apple A1078 Battery, Apple A1148 Battery, Apple M6091 Battery, Apple PowerBook G4 Battery have logic chips inside them that communicate with the computer they’re powering. That’s how you’re able to see how much charge is remaining. The chips also carry out regulatory tasks, such as shutting down the charging process when a battery’s at risk of overcharging.

But any logic chip has operating software — “firmware” — and that software can usually be remotely updated.

Charlie Miller, who’s famous for winning the annual Pwn2Own contest four times with his Mac OS X and iOS exploits, discovered that Apple puts the same password on all its laptop batteries in order to efficiently send out battery firmware updates.

Unfortunately, a skilled malicious hacker armed with the password could alter the firmware, Miller says. Altered firmware could be used to store malware or tweaked to damage the computer.

“These batteries just aren’t designed with the idea that people will mess with them,” Miller told Forbes tech blogger Andy Greenberg. “What I’m showing is that it’s possible to use them to do something really bad.”

Miller will be presenting his finding at next week’s Black Hat security conference in Las Vegas. He has already notified Apple of the vulnerability, and is not revealing the password.

Could the firmware be rigged to make the battery explode? Miller found that the Apple batteries had built-in fuses to prevent serious overheating, but there’s no guarantee counterfeit batteries would have such safeguards.

Miller has written a patch — he’s calling it “Caulkgun” — for the Apple battery vulnerability and will release it at Black Hat.

The downside is that Caulkgun will prevent future firmware updates. Nor will it do anything to solve the greater problem, because this vulnerability is not confined to Apple laptop batteries.

Most computer accessories and parts — hard drives, optical drives, graphics cards and network cards, for example — use firmware-upgradable logic chips. Most have enough memory space to house a small piece of malware.

It’s likely that most items in each category from a particular brand use the same administrative password.

For malicious hackers, it’s just a matter of finding out what those passwords are.

No comments:

Post a Comment