A potentially dangerous security hole in Apple’s range of MacBook battery micro-controllers’ firmware could be exploited to destroy the batteries inside the notebooks, according to security researcher Charlie Miller. When looking into batteries in MacBooks, MacBook Pros and MacBook Airs, Miller found that through using passwords hidden in a 2009 software update designed to fix MacBook batteries, a hijacker could take control of the battery micro-controllers and cause all sorts of havoc.
Miller himself managed to kill seven MacBook batteries through exploiting this security hole, but goes further to explain what someone might be able to do. He claims that you could alter the heat readout chip and cause the battery to explode or catch fire, but didn’t test it himself because “I wasn’t super inclined to cause an explosion [in my house].” He also suggests that you could load malicious software into the battery controller that is deployed when a computer is started, re-infecting the system countless times:
You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery. Presumably Apple has never considered that as an attack vector, so it’s very possible it’s vulnerable.
At the Black Hat security conference in August, Miller plans to present his research and also unveil a fix for anyone worrying over the state of their MacBook battery. The tool, named “Caulkgun”, will change the battery firmware password to a random string, preventing hackers from using the default passwords to infect the battery controller. Miller has also contacted Apple and Texas Instruments to notify them of the issue.