Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Laptops Vulnerable To Battery Firmware Hack

Posted by Soulskill on from the good-thing-they're-so-easy-to-replace dept.

Trailrunner7 writes "Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple's iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road. Miller discovered the default passwords set on the battery at the factory to change the battery into unsealed mode and developed a method that let him permanently brick the battery as well as read and modify the entire firmware. 'You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though,' Miller said."

12 of 272 comments (clear)

  1. Why? by Qwell · · Score: 4, Insightful

    In other news - batteries have firmware.

    --
    As of 10/06/03, I hate COBOL developers.
    1. Re:Why? by CFD339 · · Score: 5, Informative

      Lithium Ion batteries are inherently unstable and have to be charged and discharged very carefully. Unlike the old school batteries you'd think of, these batteries have a controller to manage them built in. When that fails, you have big problems (remember the defective ones a few years ago that would just burst into flames?)

      --
      The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
    2. Re:Why? by jo_ham · · Score: 3, Insightful

      You got it right the first time - to control the charging process. That is the "non predatory" reason that lithium ion batteries have chips in them, and it is *absolutely* not unique to Apple.

      Don't let facts get in the way of a good Apple bash though!

    3. Re:Why? by bughunter · · Score: 3, Interesting

      I had a similar problem with a macbook pro battery I bought in Jan 2010. By Jan 2011, it would barely hold 30 minutes of operating energy, and reported a health of 15%. The number of cycles reported was 49. Not a typo. Forty-nine.

      No amount of "calibrating" the battery nor resetting the EPS would change this. I had to fork out $129 for a new battery. As it turns out, leaving the damn thing plugged in all the time and never draining the charge severely shortens the life of the cells.

      Lesson: run the thing from the battery every once in a while.

      --
      I can see the fnords!
    4. Re:Why? by adri · · Score: 4, Informative

      And you're the know-it-all guy who prematurely called it.

      Figuring out Lion/NiMH cell charging by analog methods is actually quite difficult to do when you're charging the battery at stupidly high current, which is what's going on here. The NiCD way of measuring the voltage drop/resistance doesn't work as well - the change is too sharp. There's not one charging rate (fast and trickle), there's a "curve" to maximise battery life and minimise damage/risk of explosion. It changes over the life of the battery, so you can't just "assume" a common curve. You may have a fully-charged battery, so you have to know how much charge is in there before you start charging it at full current.

      These laptop battery cells can double as exploding timebombs if you're not careful. Hence yes, there's a microcontroller in them to keep track of exactly what's going on.

  2. No worries here by JoeWalsh · · Score: 5, Funny

    I don't have to worry about that. Not only am I using a Dell, but my battery exploded.

    1. Re:No worries here by jittles · · Score: 3, Informative

      Actually, it's not terribly hard to remove the batteries on the 2011 Macbook pros. Not something you could do easily on a plane, or in the car, but you can definitely do so with just two screwdrivers. Or one screwdriver with a replaceable bit.

  3. Firmware should have a write-enable switch by davidwr · · Score: 5, Insightful

    This is just one more reason why software that's not designed to be frequently changed should be write-protected unless the user sets a specific hardware switch.

    If the hardware switch is in its default location - "protect" - it should be mathematically provable that the firmware cannot be overwritten.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  4. Re:Physical access? by SomePgmr · · Score: 3, Interesting

    I only skimmed it, but it doesn't seem to say if he needed physical access to the battery to do this. Obviously the two must communicate (on-battery and OS), but it doesn't say if access was achieved on an in-use battery from the host machine.

    Obviously this is important, because it changes the attack vector significantly. There's a big difference between being vulnerable to the battery manufacturer or if a random infection could push code to the battery (or even brick it).

  5. Re:OSX is the least secure OS in mainstream use by makubesu · · Score: 4, Informative

    If I install windows or some linux flavor on my mac, it doesn't mean this vulnerability goes away. It's a hardware problem, hardware made by someone besides apple. I'm not sure what this has to do with which operating system is most secure.

  6. one hack to ruin them all.... by pbjones · · Score: 3, Insightful

    If it's a problem at Apple then it's a problem with a number of other hardware devices that use the same battery controllers, so your windoze laptops isn't safe either. Someone could also hack my Logitech Mouse and brick it too, or any number of peripherals that have upgradeable firmware, like my router, printer, keyboard, the list goes on.

    --
    There was an unknown error in the submission.
  7. Decades old news by pbjones · · Score: 3, Insightful

    BTW, Apple batteries have had firmware for the last 10-15 years, so your info is a little late.

    --
    There was an unknown error in the submission.