MacBook batteries vulnerable to hack; could be explosively dangerous

A potentially dangerous security hole in Apple’s range of MacBook battery micro-controllers’ firmware could be exploited to destroy the batteries inside the notebooks, according to security researcher Charlie Miller. When looking into batteries in MacBooks, MacBook Pros and MacBook Airs, Miller found that through using passwords hidden in a 2009 software update designed to fix MacBook batteries, a hijacker could take control of the battery micro-controllers and cause all sorts of havoc.

Miller himself managed to kill seven MacBook batteries through exploiting this security hole, but goes further to explain what someone might be able to do. He claims that you could alter the heat readout chip and cause the battery to explode or catch fire, but didn’t test it himself because “I wasn’t super inclined to cause an explosion [in my house].” He also suggests that you could load malicious software into the battery controller that is deployed when a computer is started, re-infecting the system countless times:

You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery. Presumably Apple has never considered that as an attack vector, so it’s very possible it’s vulnerable.

At the Black Hat security conference in August, Miller plans to present his research and also unveil a fix for anyone worrying over the state of their MacBook battery. The tool, named “Caulkgun”, will change the battery firmware password to a random string, preventing hackers from using the default passwords to infect the battery controller. Miller has also contacted Apple and Texas Instruments to notify them of the issue.

Report a problem with article
Previous Story

HP ProLiant ML110 G7, first Windows 8 server from HP?

Next Story

TalkTalk rated UK's worst broadband provider in survey

56 Comments

Commenting is disabled on this article.

This makes me remember a tech company I worked for a while back. The testing department would constantly get a virus on their computers (MSDOS) used to test a certain board and I would eradicate it, only to have it return some time later. It turned out that one of the testing CPUs had the virus on it (we would insert the CPU in the board when testing it, and remove it once done and use it on another board). We stopped using that CPU and the virus never returned.

Also just to point out that I don't think this effects many other laptops, generally laptops don't have battery firmwares, they're loaded with a single version and that's it, quite why apple has firmware updates for BATTERIES is something that worries me, do they release models with buggy and untested battery components?

Yes, but this sort of attack is theoretically academic, correct?

I remember a report claiming that hackers could hack into routers and create botnets without even infecting any computers.

Alarmism, if anything. Nothing is completely secure from attack.

XX55XX said,
Yes, but this sort of attack is theoretically academic, correct?

I remember a report claiming that hackers could hack into routers and create botnets without even infecting any computers.

Alarmism, if anything. Nothing is completely secure from attack.


Maybe you should read up on busybox shells, lulzsec, how routers work, etc.

I actually read about the possibility of exploiting the hardware of a computer through software means. It makes sense, since hardware is controlled by software these days (as opposed to the earlier days of computers without operating systems). The thing is, usually the kernel of the operating system is supposed to prevent hardware loops (which is why we have a BSOD or Kernel Panic for Windows/Mac or Linux systems). However, this exploit apparently seems to get past the kernel, I'm guessing. If so, this just proves the insecurity of Unix even more, contrary to some enthusiast's beliefs. The scary thing about this, though, is that all computers contain explosive parts in them that could be activated via a software exploit.

Sounds like something you would hear in the list of funny customer complaints on a tech help line

"Hi whats the problem"
"My MacBook's Battery is infected"
...
...
...
"OoooK"

Click

yowan said,
Just buy a regular laptop with Windows instead of poor quality Apple hardware

Are you seriously telling me that you think the battery controller in a windows laptop wouldn't work the same way? Just a matter of someone having to figure out the password or bypass it...

Leonick said,

Just a matter of someone having to figure out the password or bypass it...

Let me know when someone figures out how to do that. Until then it's not an issue.

yowan said,
Just buy a regular laptop with Windows instead of poor quality Apple hardware
YES!!! EXACTLY. You muppets are not cool with your overpriced pretty junk. Get a computer not a toy.

TRC said,

Let me know when someone figures out how to do that. Until then it's not an issue.


I'd be willing to bet that the vast majority of laptop batteries in existence use the same or similar controllers, meaning that many or most of them are likely vulnerable to the same type of exploit.

asdavis10 said,

You fail.


Actually, he wins. How come Mac OSX is the only OS to be this insecure? There are many technical reports putting Windows above Mac in terms of security, yet these enthusiasts still insist that Macs are even the slightest bit secure simply because hackers choose not to use all of the exploits on this OS.

Doesn't matter, I guess. Let them use their insecure OS and see what happens. I wonder who will be bragging about "*nix security" then??

Xerax said,
I agree. A keylogger is much more dangerious than your battery exploding... /s

idiot.

You're the idiot. It's obvious that this wouldn't just affect mac batteries.

AFineFrenzy said,

You're the idiot. It's obvious that this wouldn't just affect mac batteries.

Yet.

Also you can bet that if you phoned up apple regarding this as a worried customer, they would blindly ignore the issue just like that business with Mac Defender(sp?)

I'm sure Apple could issue a new Firmware patch that changes the password. And I'm sure now that this is getting some publicity they will do just that.

Worrying if it is possible to destroy the battery in this manner.

Vice said,
I'm sure Apple could issue a new Firmware patch that changes the password. And I'm sure now that this is getting some publicity they will do just that.

Worrying if it is possible to destroy the battery in this manner.


Yea, the thing about changing passwords like this with a software update means that the password can be found in the updated, you know, just like this guy got the password

I get a feeling newer macbooks might have had the password changed though, I doubt Apple would reuse every time, specially after having had to use it in a software update.

Leonick said,

Yea, the thing about changing passwords like this with a software update means that the password can be found in the updated, you know, just like this guy got the password

I get a feeling newer macbooks might have had the password changed though, I doubt Apple would reuse every time, specially after having had to use it in a software update.

No that doesn't mean that at all. This is how it could work ->

1. Use the password (current) to allow firmware update
2. Apply the new Firmware which contains a new password that no one knows
3. No one has the new password because it wasn't used yet.

See? - Then when they update the firmware next time they change the password inside the next Firmware like they do to fix it this time so no one will ever be able to get a password that works only the last password used.

Of course none of us really know what is possible, maybe they can't update the firmware without it being captured I dunno.

Vice said,

No that doesn't mean that at all. This is how it could work ->

1. Use the password (current) to allow firmware update
2. Apply the new Firmware which contains a new password that no one knows
3. No one has the new password because it wasn't used yet.

See? - Then when they update the firmware next time they change the password inside the next Firmware like they do to fix it this time so no one will ever be able to get a password that works only the last password used.

Of course none of us really know what is possible, maybe they can't update the firmware without it being captured I dunno.

The point Leonick was making was that the firmware update could be inspected to try and find out what the new password was.

My question is whether other vendors suffer from the same issue, since Apple of course doesn't manufacture their own batteries.

primexx said,
My question is whether other vendors suffer from the same issue, since Apple of course doesn't manufacture their own batteries.

Denis W said,
A bit creepy.

I for one would not wish anyone's laptop to explode like that. Don't know what's so funny about this.


Indeed, one would think most battery controllers would be hackable in this way then.
Problem here is they got the passwords from a software update, I wonder if any other computers use the exact same battery controller and if it the uses the same password.
The password was leaked in 2009, that means that either all newer MacBooks likely have a different password that or they aren't changable, hmm...

Scary thought, there is probably plenty of hackers that should be able to get around the password which means they could attack this on more computers(?)

primexx said,
My question is whether other vendors suffer from the same issue, since Apple of course doesn't manufacture their own batteries.

It's funny cause Mac's #1 selling point is that they don't get viruses and they "just work", which everyone with half a brain always knew was the fattest lie ever.

Denis W said,
A bit creepy.

I for one would not wish anyone's laptop to explode like that. Don't know what's so funny about this.

Irony, really. I wouldn't find it funny either if it exploded. But, the irony is their OS maybe be 'virus or malware safe,' but I would rather lose files or information, than have a laptop explode in my lap any day. Way worse than any virus.

Uplift said,
Surely the hacker will need access to the computer? making this pointless?
Given that there are no real products to check for malware on macs other than the human brains of mac users, it should be pretty easy to get access to the computer over the network. I'm willing to bet 80% of the mac users are mom-n-pops-n-kids who have no idea about computers let alone micro-controllers (ha!) but have lots of cash to spend. There will soon come a time when Apple will re-invent the wheels of patching that Microsoft has been inventing. Maybe Apple won't do it and leave its users out in the cold with possible battery bombs. We'll just wait and see.

virtorio said,
I need some Anti-Virus for my battery controller.

main bios/NIC card bios/GPU Bios/mbr/ntfs ipl and now battery virus, did i miss something?

nowadays when you get a computer virus you have to through away the whole computer