Jul 23, 2011 17:08 GMT

A renowned security researcher has discovered that the microcontroller used to monitor the power level of an Apple laptop can be compromised. This can allow a hacker to run custom code, potentially even causing the battery to explode.

Security expert Charlie Miller, notorious for his hacking feats against Apple systems, reportedly examined the batteries in several MacBooks, MacBook Pros and MacBook Airs, and found an alarming vulnerability.

The researcher has found that the batteries’ microcontroller chips ship with default passwords. Once a hacker learns those passwords, they can learn to control the chips’ firmware and potentially hijack them.

Bad scenarios proposed by Miller include permanently ruining the battery, implanting it with hidden malware that infects the computer regardless of what is stored on the hard drive, and even potentially causing the battery to heat up or catch fire.

According to the security researcher, a hacker could well cause the laptop’s battery to explode.

“These batteries just aren’t designed with the idea that people will mess with them,” Miller said. “What I’m showing is that it’s possible to use them to do something really bad.”

Miller found the passwords used to access Apple batteries by reverse-engineering a 2009 software update from Apple tasked with fixing a problem with MacBook batteries.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” said Miller.

He plans to publicly disclose the flaw and provide a fix at the Black Hat security conference in August.

An employee of security firm Accuvant, Miller will most likely provide the fix to Apple first, so that the Cupertino company is able to patch the vulnerability before it’s too late.
