A very dangerous vulnerability affects MacBook batteries

Many of us would probably assume that a laptop battery is the last thing a hacker could use to harm us. According to Charlie Miller, a famous expert in IT security, the situation is completely different: he claims that MacBook batteries are vulnerable to hacker attacks. Modern laptops contain microchips that regulate the energy consumption of batteries and check whether a battery needs to be charged. These mechanisms are designed to protect users from overheating or destruction of laptop batteries. Unfortunately, the same system can be used by a hacker to completely destroy a battery or to permanently infect an operating system.

Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating system and the charger to check on the battery's charge and respond accordingly. That embedded chip means the lithium ion batteries can know when to stop charging even when the computer is powered off, and can regulate their own heat for safety purposes.

Charlie Miller decided to examine the microprocessor included in MacBook batteries and found that a skilled hacker can use it to do a lot of harm to a user. Each microprocessor runs software that controls whether the battery is charged, and Apple engineers can access this software using a password. Miller managed to break the encryption used by Apple and found out the software password. The discovery has much more serious implications because Apple uses the same password for the software of all microprocessors. Miller claims that from 2009 until now, Apple has used the same password for the software of all the microprocessors that control MacBook batteries, so a hacker with that password can destroy the batteries of millions of MacBooks.

When Miller examined those batteries in several MacBooks, MacBook Pros and MacBook Airs, however, he found a disturbing vulnerability. The batteries' chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips' firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode. "These batteries just aren't designed with the idea that people will mess with them," Miller says. "What I'm showing is that it's possible to use them to do something really bad." Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with MacBook batteries. Using those keys, he was soon able to reverse engineer the chip's firmware and cause it to give whatever readings he wanted to the operating system and charger, or even rewrite the firmware completely to do his bidding.

Basically, a hacker who has the password for that software can destroy the battery of a MacBook by overheating it; Miller managed to destroy 7 batteries in his tests. A battery can also be completely blocked through that microprocessor: the MacBook will no longer recognize it and will shut itself down as soon as the hacker runs the command. Unfortunately, an operating system can also be permanently infected through that microprocessor, because the malware would be installed from the microprocessor directly into the operating system regardless of how many times the operating system is reinstalled.

"You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery," says Miller.

The good part is that the password of that microprocessor alone is not enough to affect a MacBook, because it is also necessary to break the interface between the operating system and the microprocessor. Charlie Miller claims, however, that any experienced hacker can do this easily. Miller will present this vulnerability at next month's Black Hat conference along with a solution to the problem, but Apple needs to update its MacBooks before malicious people can affect them.