Hacking Laptop Batteries
The firmware within your Mac computer battery can be compromised, says a security researcher who discovered the default passwords left out in the clear. Next week in Las Vegas, Accuvant’s security researcher Charlie Miller plans to reveal the full details (and a solution) at his talk at Black Hat USA. When you stop and think about it attacking the firmware on a battery pack makes perfect sense.
Batteries (and not just in Mac computers) use microcontrollers to tell the lithium battery when it’s full and when it needs to be recharged. The chips also to report to the operating system an interim status report you can monitor your battery usage and be prompted in advance to recharge your battery. So it also makes sense that updates to the firmware can improve the life of your battery—or severely degrade it.
Miller found that the batteries shipped with Apple Macbooks, Macbook Pros and Macbook Airs had their firmware default password exposed, allowing anyone who bothered to look to hack the battery. What good is hacking the battery, you say?
Related Reading: Attacks on Mobile and Embedded Systems: Current Trends
Miller told Forbes.com and other publications that a cybercriminal could permanently ruin the battery. By entering the wrong codes, Miller managed to “brick” several Mac batteries, which cost him about $130 each. He could have also caused the battery to explode, something Miller says he didn’t try in part because he works at home.
More intriguing is that cybercriminals could also install malware that would remain on the device no matter how many times you reinstalled the operating system. That’s because traditional methods of eradicating persistent malware would fail: reinstalling the operating system, replacing the hard drive, re-flashing the BIOS—none of these would remove the true source of the infection. We need to consider replacing the battery now as well.
There are of course the fine details. Getting to the battery microcontroller requires some work. Attacking the battery would require finding another vulnerability in the interface between the chip and the operating system. But Miller said that’s not much of a barrier. How many operating systems include batteries as an attack vector? Miller has informed both Apple and Texas Instruments, the company that makes the microcontrollers, about his research.
Miller’s no stranger to Apple products. Earlier this year, he and a handful of other security researchers were given an advance look at Apple’s new Lion operating system.
It’s good that researchers like Miller are considering the devices holistically. In previous columns I talked about hacking mice, keyboards, and even office printers. Anything with a microcontroller and/or access to the Internet needs to be secure. Just because these vectors haven’t been exploited widely doesn’t mean that they won’t someday.
There’s an Embedded Security track at Black Hat next week, and I’ll be there finding out what other common gadgets are vulnerable to new attacks. Just as the cybercriminal often thinks outside the box to find a Zero Day, or develop a new vector of attack. As the self-appointed Good Guys, we should also be exercising our creative minds and, at the very least, anticipating some of these new attacks as well.
Related Reading: Attacks on Mobile and Embedded Systems: Current Trends
Related Reading: Introduction to Security for Smart Object Networks Devices w/Free Software Trial