Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Laptops Vulnerable To Battery Firmware Hack

Posted by Soulskill on from the good-thing-they're-so-easy-to-replace dept.

Trailrunner7 writes "Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple's iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road. Miller discovered the default passwords set on the battery at the factory to change the battery into unsealed mode and developed a method that let him permanently brick the battery as well as read and modify the entire firmware. 'You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though,' Miller said."

6 of 272 comments (clear)

  1. Why? by Qwell · · Score: 4, Insightful

    In other news - batteries have firmware.

    --
    As of 10/06/03, I hate COBOL developers.
    1. Re:Why? by CFD339 · · Score: 5, Informative

      Lithium Ion batteries are inherently unstable and have to be charged and discharged very carefully. Unlike the old school batteries you'd think of, these batteries have a controller to manage them built in. When that fails, you have big problems (remember the defective ones a few years ago that would just burst into flames?)

      --
      The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
    2. Re:Why? by adri · · Score: 4, Informative

      And you're the know-it-all guy who prematurely called it.

      Figuring out Lion/NiMH cell charging by analog methods is actually quite difficult to do when you're charging the battery at stupidly high current, which is what's going on here. The NiCD way of measuring the voltage drop/resistance doesn't work as well - the change is too sharp. There's not one charging rate (fast and trickle), there's a "curve" to maximise battery life and minimise damage/risk of explosion. It changes over the life of the battery, so you can't just "assume" a common curve. You may have a fully-charged battery, so you have to know how much charge is in there before you start charging it at full current.

      These laptop battery cells can double as exploding timebombs if you're not careful. Hence yes, there's a microcontroller in them to keep track of exactly what's going on.

  2. No worries here by JoeWalsh · · Score: 5, Funny

    I don't have to worry about that. Not only am I using a Dell, but my battery exploded.

  3. Firmware should have a write-enable switch by davidwr · · Score: 5, Insightful

    This is just one more reason why software that's not designed to be frequently changed should be write-protected unless the user sets a specific hardware switch.

    If the hardware switch is in its default location - "protect" - it should be mathematically provable that the firmware cannot be overwritten.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  4. Re:OSX is the least secure OS in mainstream use by makubesu · · Score: 4, Informative

    If I install windows or some linux flavor on my mac, it doesn't mean this vulnerability goes away. It's a hardware problem, hardware made by someone besides apple. I'm not sure what this has to do with which operating system is most secure.