Never miss an update Follow AppleInsider
Saturday, July 23, 2011, 01:25 am
Vulnerability exposes Apple MacBook batteries to 'bricking,' malware
One prominent security researcher has discovered a vulnerability in the batteries of Apple's MacBook line of portable computers that could allow hackers to ruin the batteries or install malware on them that could corrupt a Mac.Charlie Miller, a renowned white-hat hacker who works for security firm Accuvant, plans to reveal and offer a fix next month for a MacBook battery vulnerability he has discovered, Forbes reports. Miller uncovered default passwords, which are used to access the microcontroller in Apple's batteries, within a firmware update from 2009 and used them to gain access to the firmware.
Apple and other laptop makers use embedded chips in their lithium ion laptop batteries to monitor its power level, stop and start charging and regulate heat.
During the course of his tests, the researcher "bricked" seven batteries, rendering them unusable by rewriting the firmware. Of more concern is the possibility that hackers could use the vulnerability to install difficult to remove malware, or, in a worst case scenario, cause the batteries to explode.
“These batteries just aren’t designed with the idea that people will mess with them,” he said. “What I’m showing is that it’s possible to use them to do something really bad.” According to him, IT few administrators would think to check the battery, providing hackers with an opportunity to hide malicious software on a battery that could repeatedly implant itself on a computer.
MacBook batteries bricked during security researcher Charlie Miller's research
Miller admitted that he hasn't tried to blow up any batteries, but he did say it might be possible. "You read stories about batteries in electronic devices that blow up without any interference,” he noted. “If you have all this control, you can probably do it.”
Another researcher, Barnaby Jack, who works for antivirus software maker McAfee, also looked into the battery issue a couple years ago, but said he didn't get as far as Miller did.
Miller, who is a regular winner of security contests demonstrating Mac, Safari and iPhone exploits, has notified Apple and Texas Instruments of the issue. Despite requests from several other researchers not to proceed, he plans to unveil the vulnerability, along with a fix he calls "Caulkgun," at the Black Hat security conference next month.
"Caulk Gun" will change a battery's default passwords to a random string of characters. While the fix will prevent hackers from breaking into the battery, it would also block any future firmware updates from Apple.
The state of security
In spite of the battery vulnerability that he uncovered, Miller believes Mac OS X security is better than ever before. According to him, Apple engineers made few security-related changes in the jump from Leopard to Snow Leopard, but they made substantial improvements in Mac OS X 10.7 Lion, which was released on Wednesday.
"Now, they've made significant changes and it's going to be harder to exploit,” he said, as noted by The Register.
“It's a significant improvement, and the best way that I've described the level of security in Lion is that it's Windows 7, plus, plus,” said noted security consultant Dino Dai Zovi.
Apple offered security researchers, including Miller and Dai Zovi, an unprecedented early look at Lion in order to get their feedback.
According to researchers, Lion's biggest security improvement is Lion's support for Address Space Layout Randomization. ASLR randomizes the location of critical system components to reduce the risk of attack. Apple also added sandboxing security measures in Safari that will isolate potential bugs or malware. Finally, the newly revamped File Vault now allows an entire drive to be encrypted.
On Topic: MacBook
- Best Buy recalls 5,100 third-party MacBook batteries for fire risk
- Gazelle sees 171% spike in MacBook trade-ins ahead of WWDC
- Upgraded MacBook models expected to highlight WWDC 2013
- AI readers now get lowest prices on Apple's iMacs & MacBooks with new coupons
- AI readers now get lowest prices on Apple's iMacs & MacBooks with new coupons
Previous Comments View All
Miller should get a life.
J.
seems like anyplace there is flash based firmware, there is a possibility that...well you know, someone could alter it. Which is kindof the whole idea in the first place.... you don't need an EEPROM burner to make changes nor physical access to the hardware.
I am not saying that there isn't a vulnerability, just that it isn't surprising that it exists.
Maybe we need less intelligent hardware???
Maybe we need less intelligent hardware???
I thought IBM compatibles had that covered
Of more concern is the possibility that hackers could use the vulnerability to install difficult to remove malware, or, in a worst case scenario, cause the batteries to explode.
Miller admitted that he hasn't tried to blow up any batteries, but he did say it might be possible. "You read stories about batteries in electronic devices that blow up without any interference, he noted. If you have all this control, you can probably do it.
I'm pretty sure the explosions happened because the hardware was defective and not the software. They found extra metal shavings in one batch of batteries that reacted so I highly doubt adjusting the firmware would cause an explosion. However, being able to brick a battery is enough cause for concern.
Great.
Another hacker turned "security activist".
Only out to make a name for himself. Doesn't care about anyone else.
Hint, if he cared about security and users, he wouldn't release his findings to the general public.
All these hacktavists are simple out for themselves.
It is pretty sick.
I don't think it's as simple as him being a bad guy. Yes, he's out for all those things, BUT his skills are genuine, and he's doing good by finding real issues that can and should be fixed.
He's doing the right thing, as long as he lets the vendor issue a patch before he goes public.
Oh... wait 
In any case, it sounds fixable--but I'll wait for Apple's fix, not his! Especially if his home-brew fix bricks the firmware anyway, leaving Apple's own patch unable to run, as well as any other Apple battery firmware updates in future! No, thanks.
Question: when he talks about the "potential" to install "malware," does he really mean that the battery can access your file system? Or that just an implication he's willing to imply by vague language, knowing it's not the case? Or is it just something that's been reported without his full details? I'm wondering if the reality isn't that the theoretical "malware" could itself only affect the battery. Still annoying/destructive, if that's the case, but it's not a gateway to what most people think of as real malware: something that affects or steals your data, apps or OS. You could call malware that exists only on your battery and never gets out to be "on your computer," but that would be misleading. What's the real situation?
As for the fire/explosion FUD... research a mechanism that could make such a thing happen by code alone. Until then, it's just fearmongering. Great for anti-Apple headlines though! Let's see if another "gate" springs up soon (Of course, other PC brands are probably just as vulnerable--but not as good for attention.)
I dont think its as simple as him being a bad guy. Yes, hes out for all those things, BUT his skills are genuine, and hes doing good by finding real issues that can and should be fixed.
Hes doing the right thing, as long as he lets the vendor issue a patch before he goes public.
Oh... wait
In any case, it sounds fixablebut Ill wait for Apples fix, not his! Especially if his home-brew fix bricks the firmware anyway, leaving Apples own patch unable to run, as well as any other Apple battery firmware updates in future! No, thanks.
Question: when he talks about the potential to install malware, does he really mean that the battery can access your file system? Or that just an implication hes willing to imply by vague language, knowing its not the case? Or is it just something thats been reported without his full details? Im wondering if the reality isnt that the theoretical malware could itself only affect the battery. Still annoying/destructive, if thats the case, but its not a gateway to what most people think of as real malware: something that affects or steals your data, apps or OS. You could call malware that exists only on your battery and never gets out to be on your computer, but that would be misleading. Whats the real situation?
As for the fire/explosion FUD... research a mechanism that could make such a thing happen by code alone. Until then, its just fearmongering. Great for anti-Apple headlines though! Lets see if another gate springs up soon
(Of course, other PC brands are probably just as vulnerablebut not as good for attention.)Yes, firmware could cause damage and even fire/explosion to a Li-Ion battery. Say the malicious battery code caused the battery to charge at its maximum rate far beyond its capacity. You get heat when that happens. Enough heat and you get bursting and/or fire.
But my question is, who would want to go to the effort to ruin my battery? What's in it for them? And how on earth could firmware in a battery inject malicious code BACK into the O.S.? I'll believe it only when I see a demo. Until then I'm flagging this statement as crazy conjecture.
Great.
Another hacker turned "security activist".
Only out to make a name for himself. Doesn't care about anyone else.
Hint, if he cared about security and users, he wouldn't release his findings to the general public.
All these hacktavists are simple out for themselves.
It is pretty sick.
If he didn't release his findings then he couldn't win competitions. If he didn't win competitions then he would have no reputation and then couldnt make money from being a known expert. If he can't make money from that then there's nothing to pay for him to find these things and pass the information onto Apple and others.
Obviously he's out for himself but so is everyone else. We all work to get paid, some of us enjoy are jobs, but it we wen't paid we wouldn't do them. At the same time he's still helping Apple make their products more secure.
A true White Hats doesn't release exploits to the public until the vendor has issued a patch. Miller is clearly a Grey Hat.
Latest Apple Headlines
-
Pegatron CEO: Apple's 'low-cost iPhone' will not be cheap
~27 seconds ago -
Analyst recants claim that Apple will add Retina display to iPad mini before 2014
~7 hours ago -
First benchmarks for redesigned Mac Pro reportedly appear online
~7 hours ago -
Best Buy recalls 5,100 third-party MacBook batteries for fire risk
~8 hours ago -
Twitter heat map shows iPhone use by the affluent, Android by the poor
~8 hours ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| 11"1.3GHz/4GB/128GB | $964.18* | $34.82 |
| 11" 1.3GHz/8GB/128GB | $1,061.18* | $37.82 |
| 11" 1.3GHz/8GB/256GB | $1,255.18* | $43.82 |
| 11"1.7GHz/8GB/128GB | $1,206.68* | $42.32 |
| 11"1.7GHz/8GB/256GB | $1,400.68* | $48.32 |
| 11" 1.7GHz/8GB/512GB | $1,691.68* | $57.32 |
| 13" 1.3GHz/4GB/128GB | $1,061.18* | $37.82 |
| 13" 1.3GHz/4GB/256GB | $1,255.18* | $43.82 |
| 13" 1.3GHz/8GB/256GB | $1,352.18* | $46.82 |
| 13" 1.3GHz/8GB/512GB | $1,643.18* | $46.82 |
| 13" 1.7GHz/8GB/256GB | $1,497.00* | $52.00 |
| 13" 1.7GHz/8GB/512GB | $1,788.68* | $60.32 |
* price with Promo Code:
APPLEINSIDER01
|
||
| Click for even more configurations | ||
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.00 | $329.00 |
| 32GB WiFi | |
$429.00 | $429.00 |
| 64GB WiFi | |
$529.00 | $529.00 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.00 | $459.00 | $459.00 |
| 32GB 4G White | $559.00 | $539.99 | $559.00 |
| 64GB 4G White | $659.00 | $659.00 | $629.99 |
| 16GB 4G Black | $459.00 | $459.00 | $459.00 |
| 32GB 4G Black | $559.00 | $539.99 | $539.99 |
| 64GB 4G Black | $659.00 | $659.00 | $629.99 |
I'm on my second defective Apple Mac Book battery. It is in a middle 2008 polycarbonate 2.4 GHz Core 2 Duo model. The first one expanded so much that it pushed the track pad and some keys upward causing them to stick. The latest replacement decided it would not hold a charge more than one and a half hours for a while. Then it refused to hold a charge more than a few minutes.
This is from the batch that was recalled from Sony years ago. I assumed that they fixed the problem and stopped sending out defective ones. I assumed wrong.
Apple refused to replace the first one. So I reported it to the Consumer Products Safety Commission or whatever it is called. Only then did Apple contact me and offer to replace it. The replacement only worked for a few weeks before problems started. My laptop computer is not relegated to being a desktop computer.
Now that a software hack is about to be released into the world that could destroy more batteries, Apple had better prepare itself with some new batteries. What if such a hack or even a defect happens in the sealed batteries in the all aluminum models? That would be really bad.