Originally posted on August 5, 2011 @ 9:07 am
Attention fellow Mac users, research has shown that our beloved laptops are prone to being hacked in one place you might have never imagined – its batteries.
Accuvant security researcher Charlie Miller has been looking into the vulnerability of Apple laptop batteries, and what he has uncovered is not something that would make any Mac user happy. According to Miller Macbooks, Macbook Pros, and Macbook Airs alike share the same vulnerability of having built-in battery chips with default passwords. This shouldn’t be a problem if nothing can be done with the chip, but a hacker that finds out the passwords can actually control the firmware and make it do really disruptive, even downright disastrous tricks such as overcharging your battery, or rendering it useless. While this wouldn’t be much of a problem with other laptops, since you can easily just buy another battery, with an Apple laptop you will need to bring your gadget to an Apple Store just to have the built-in batteries changed. Of course, there’s the additional headache of the replacement battery’s cost.
Even worse than being able to destroy your batteries, Miller says that anyone with the know-how can install malware on battery chip that will help them steal data off your laptop or do the other usual nasty tricks associated with malware. The problem with this is that even if you keep on resetting your laptop or even go as far as change your hard drive, the malware will still be able to attack your laptop again, unless you realize that the problem lies in the batteries and have them changed.
Though Miller may bring grim news to us, he also has the fix that would help us rest more easily. He’ll be releasing his fix, called the “Caulkgun”, during the Black Hat security conference in Las Vegas later this month. “Caulkgun” should replace the default passwords with a new randomly generated password, so that hackers that figure out the default password still won’t be able to access your laptop’s batteries. The downside to this fix though is that Apple wouldn’t be able to access the chip either in case they need to in the event of an update.
As for Apple’s take on the matter, they have not given any comment yet. We’ll have to see if they’ll come up with their own fix for the problem or we will indeed have to rely on Miller’s Caulkgun to keep our Apple laptops safe.