Apple's MacBook Batteries Vulnerable to Hacks
Dr. Charlie Miller, Accuvant LABS principal research consultant, will demonstrate at the Black Hat USA 2011 security conference next week that the batteries of Apple's Macbooks, Macbook Pros and Macbook Airs are vulnerable to hacking attacks. Yes, the batteries!
Miller, highly respected for his work on Mac OS X (Apple's new operating system for PCs) and iOS (the OS for tablets and iPhones), noted that batteries on the Apple laptops, as well as other laptops, contain an embedded chip that monitor the power level of the unit, says stop when the battery is fully charged and regulates the heat.
Here lies the problem: Miller points out that that the batteries' micro-controllers have DEFAULT PASSWORDS. After finding out the two passwords and learning to control firmware, a hacker can hijack the battery and change the instructions on how it should interact with the OS and other components.
Miller says this vulnerability can be used for malicious possibilities, including ruining the batteries at will, implanting them with malware (which could survive in a reinstallation of the oS), or even cause the batteries to catch fire or explode. [Talk about James Bond doing some hacking while villain Dr. No is on his laptop].
Miller, of course, has a solution to the problem. At the Black Hat conference, he will release a tool called "Caulkgun", which would change battery firmware's passwords to a random string. The Caulkgun, however, would also prevent Apple from using the battery's default passwords to implement their own upgrades and fixes.
The Black Hat security conference will be held from July 30 - Aug. 2 at Caesar's Palace in Las Vegas.
Aside from his talk on battery firmware hacking, Miller at the conference will also a panel of researchers in discussing which mobile attack model is the most dangerous to an enterprise, which carries the most risk, when the monetization of mobile attacks will really occur, and what organizations can do to save themselves.