Security researcher Charlie Miller has announced that he has found a way to hack the chips that control the batteries in Apple’s MacBook, MacBook Pro, and MacBook Air. Using these chips, he was able to brick (or ruin) batteries, or even install persistent malware that would survive a physical hard drive change.
In an interview with Fortune published over the weekend, Mr. Miller said that he found these controller chips all used default passwords, and that with this knowledge, a hacker can learn how to reverse engineer the firmware Apple uses to program and control the chips.
Security Researcher Charlie Miller
Photo by Garrett Gee, posted to Flickr
“These batteries just aren’t designed with the idea that people will mess with them,” Mr. Miller told Fortune. “What I’m showing is that it’s possible to use them to do something really bad.”
He added, “You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.”
He also said that while he hasn’t tested it yet, he believes that it would be possible to use these microprocessors to blow up the battery, despite independent safeguards designed to prevent such an occurrences.
“You read stories about batteries in electronic devices that blow up without any interference,” he said. “If you have all this control, you can probably do it.”
Mr. Miller is one of the world’s foremost experts on security when it comes to Apple’s hardware and software, and he has raised the ire of both Apple and Apple fans by publishing information about security holes when he has deemed Apple too slow to respond to information.
At the same time, in February, Apple offered Mr. Miller and other security researchers advance access to Lion, an unprecedented move by the company to work with the independent security community.
As for this hack, Mr. Miller plans to unveil it at the Black Hat hacker conference that takes place in Las Vegas during August. In addition to showing how the hack can be performed, he intends to release a fix for the problem he is calling Caulkgun.
That fix will change the passwords used by your MacBook’s microcontrollers to random strings to prevent the bad guys from being able to waltz in, assuming they had control of your MacBook in the first place.
He also said that he has notified Apple and Texas Instruments, the company that makes the microcontrollers, about the problem.