Researcher to demo hack that destroys MacBook batteries

By on July 22, 2011, 7:32 PM

Your Apple notebook might be vulnerable to an attack that could cause its battery to die, harbor malware or even explode, according to security researcher Charlie Miller. Speaking with Forbes, Miller explained that modern laptop batteries contain a controller that monitors their power level and regulates when they start and stop charging. After examining various MacBook, MacBook Pro and MacBook Air batteries, he found a way to manipulate the chip to cause some disastrous effects.

The batteries ship with a default password that restricts access to the controller's firmware, but that can be bypassed fairly easily. Miller discovered two of Apple's battery passwords by dissecting a 2009 software update released to fix a glitch with MacBook batteries. With those keys in hand, he managed to reverse engineer the controller's firmware, allowing him to reprogram the chip so it reports the wrong readings and eventually burns itself out -- be that figuratively or literally.

Batteries slain by Miller's hand

Potentially more startling than a flaming battery, an attacker could infect the firmware with malware, allowing them to harvest the victim's personal data. Miller noted that it would be especially nasty because few IT professionals would consider the battery as a source for the malware, allowing it to reinfect the machine perpetually. Someone could install a new hard drive, a fresh operating system, flash the system's BIOS and the malware-laden battery would live on to reattack the machine.

During his research, Miller claims to have bricked seven batteries, but he didn't attempt to push them far enough to catch fire because he works at home. "You read stories about batteries in electronic devices that blow up without any interference. If you have all this control, you can probably do it," he said. Miller will demonstrate the flaw during next month's Black Hat conference along with releasing a tool for MacBook users called "Caulkgun" that changes the battery's default password.




User Comments: 26

Got something to say? Post a comment
Xclusiveitalian Xclusiveitalian said:

That's what happens when you leave your guard down, now your completely vulnerable. Word of advise, don't put your macbook on your lap while your online..you might lose something else as-well!

captaincranky captaincranky, TechSpot Addict, said:

Should a tragedy like this befall someone, we can only hope and pray that "artificial laps" will be perfected quickly, the victim will rapidly come to his or her purchasing senses, and buy a Toshiba, Acer, or Lenovo the next time.....

Guest said:

This is only a minor setback. Remember when Dells would set themselves on fire? Notice how revolutionary the battery life and controllers that the Mac operating system possesses. Never have there been a similar Windows function.

"Miller noted that it would be especially nasty because few IT professionals would consider the battery as a source for the malware, allowing it to reinfect the machine perpetually." Yes, because you can store malware in a battery. Just buy a new battery, it's not that big of a deal. I know of many PC batteries that die within a year. This does not alter the fact that Mac is better than PC in almost aspect albeit this small bump in the road.

captaincranky captaincranky, TechSpot Addict, said:

This is only a minor setback. Remember when Dells would set themselves on fire? Notice how revolutionary the battery life and controllers that the Mac operating system possesses. Never have there been a similar Windows function.

"Miller noted that it would be especially nasty because few IT professionals would consider the battery as a source for the malware, allowing it to reinfect the machine perpetually." Yes, because you can store malware in a battery. Just buy a new battery, it's not that big of a deal. I know of many PC batteries that die within a year. This does not alter the fact that Mac is better than PC in almost aspect albeit this small bump in the road.

You go, girlfriend....!

howzz1854 said:

Guest said:

This is only a minor setback. Remember when Dells would set themselves on fire? Notice how revolutionary the battery life and controllers that the Mac operating system possesses. Never have there been a similar Windows function.

"Miller noted that it would be especially nasty because few IT professionals would consider the battery as a source for the malware, allowing it to reinfect the machine perpetually." Yes, because you can store malware in a battery. Just buy a new battery, it's not that big of a deal. I know of many PC batteries that die within a year. This does not alter the fact that Mac is better than PC in almost aspect albeit this small bump in the road.

whoa there!!... lets pump the brakes.. i wouldn't go as far as to say Macs are Superior.

i own both and use both. each have their pros and cons, and i would never go as far as to say one is superior. i can name things that PC does better than Mac, and vise versa, but i don't think there's enough space for that on this page. and i'd rather not start that again.

the fact of matter is, this is not limited to Macs, as the author points out, this technology has been widely implemented to electronics. it's only inevitable that we'll run into this at some point.

Guest said:

It be funny if someone drives close to a Apple store and does the hack and they all explode. ;)

captaincranky captaincranky, TechSpot Addict, said:

It be funny if someone drives close to a Apple store and does the hack and they all explode.
I think it would be funnier in individual circumstances

For example: In the middle of a Steve Jobs podcast.

or, some guy trying to pick up a girl by showing her his new Mac Book.

Then perhaps, when someone was watching a fireworks display video.

But best of all: in the middle of a classroom filled with PCs and the only Mac goes up like a roman candle.

stewi0001 stewi0001 said:

If you know the zoom zoom commericals, then you'll understand this:

boom boom boom (you know they rest if you know the commerical)

as for a more serious note, I'm not surprised by this finding. back to a funny note. Immagine if someone was crual enough to make a bug that would cause all the Mac batteries to go off at the same time.

captaincranky captaincranky, TechSpot Addict, said:

You know, decades ago, there was an urban legend that the Japanese were going to send out a signal, and all of our transistor radios were going to explode. It never happened. Y2K, never happened. We can all hope that with the Apple batteries, this time it will be different.

gwailo247, TechSpot Chancellor, said:

Black ICE

Guest said:

Al-Louizsec will take advantage of this.

Win7Dev said:

Easy temporary fix, take out the battery when you don't need it. I run my laptop of a cord so much, so I have decided to take out my battery. My Dell laptop works fine without it as long as the cord is plugged in. I'd laugh if Mac's had to have the battery in to run.

captaincranky captaincranky, TechSpot Addict, said:

Easy temporary fix, take out the battery when you don't need it. I run my laptop of a cord so much, so I have decided to take out my battery. My Dell laptop works fine without it as long as the cord is plugged in. I'd laugh if Mac's had to have the battery in to run.
You were expecting it to work with no battery and no cord..?

Atham said:

xclusiveitalian said:

That's what happens when you leave your guard down, now your completely vulnerable. Word of advise, don't put your macbook on your lap while your online..you might lose something else as-well!

Oh no. Lucky me, I don't have a Mac.

fimbles fimbles said:

Quote: "Just buy a new battery, it's not that big of a deal"

Hey steve!! I had no idea you were a member here at techspot. Perhaps your foxconn employees can make some use of this to save us scraping pavements..

FransB said:

People this is not a bug its a feature

Burty117 Burty117, TechSpot Chancellor, said:

fransb said:

People this is not a bug its a feature

You've got a point...

Ever been frustrated that the Battery is not easily replacable?

Well now there is an app for that! . . . iBatteryOut!

£0.59p and you can now litterally blow your battery out of the casing!

Try it now with the free Lite iBatteryOut! that will allow up-to 5 free trys.

Guest said:

" You've got a point...

Ever been frustrated that the Battery is not easily replacable?

Well now there is an app for that! . . . iBatteryOut!

£0.59p and you can now litterally blow your battery out of the casing!

Try it now with the free Lite iBatteryOut! that will allow up-to 5 free trys. "

I lol'd, still lol'n :D

Guest said:

Sorry this is one of my all time Internet pet hates!

Give "advice"

and please "advise"

Learn the difference!!!

captaincranky captaincranky, TechSpot Addict, said:

Internet English.......501

Sorry this is one of my all time Internet pet hates!

Give "advice"

and please "advise"

Learn the difference!!!

First, I already do know the difference, but thanks for reminding me..

Now you can suffer my internet pet peeve which is, "quiet", meaning "without sound*, as opposed to "quite", an adverb meaning, "particularly" or perhaps "abundantly".. As in, "he is quite handsome". Or then, "this song is quite insipid".

A fun fact is that you can turn "quiet" into an adverb, "quitely", but "Quitely"doesn't fly, now does it, since it already is an adverb?

To bring this back on topic. Do you think your Mac Book batteries will blow up quite (1*) soon?

Do you think they'll blow up quietly(2*) , or with a big, "KABOOM".....?

(1*) In this example, "quite" is taking the place of the adverb, "imminently".

(2*) Was that cheating, using the adverbial form of "quiet"?

Guest said:

LOL My comment about "advise" and "advice" wasn't even directed to you.. LOL, but hey you live up to your name Cranky!! ROFL

Inferiority issues perhaps?

You've made my day with that one... Not only that, but you gave us all here at the office a good laugh! Thanks. :)

Archean Archean, TechSpot Paladin, said:

captaincranky said:

Should a tragedy like this befall someone, we can only hope and pray that "artificial laps" will be perfected quickly, the victim will rapidly come to his or her purchasing senses, and buy a Toshiba, Acer, or Lenovo the next time.....

Perfection of artificial laps aside, I am more worried about people ending up with 'burned sausages' ....... and I am not sure one can make do with an 'artificial sausage'.

captaincranky captaincranky, TechSpot Addict, said:

Perfection of artificial laps aside, I am more worried about people ending up with 'burned sausages' ....... and I am not sure one can make do with an 'artificial sausage'.
Well, the saddest part of the upcoming reality check, is this; no, you probably can't make do with an "artificial sausage", but you can bet your boots that all of your female acquaintances assuredly can......

Archean Archean, TechSpot Paladin, said:

Sad but you are correct IMO.

One positive which may come from few 'cooked sausages' can be, that there can be lot less fan-boys around to scream on top of their lungs to propagate about their newest and greatest i-gadget.

fimbles fimbles said:

They fanboys will still be screaming. Possibly at a much higher pitch.

captaincranky captaincranky, TechSpot Addict, said:

They fanboys will still be screaming. Possibly at a much higher pitch.

Indeed. The Ap-Pranos would be very difficult to endure. Sort of like "Celtic Woman", PBS fund raising, and Sarah Palin played simultaneously. My vote for the band's name is, "iNeuters".

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.