Apple has been in the news a lot this week following the launch of the new MacBook Air and OS X Lion upgrade. But today we have some more worrying news as an Apple laptop security flaw has been found, and malware risks emerge.
The problem has been found after a security researcher Charlie Miller studied batteries for several MacBooks, MacBook Airs, and MacBook Pros. According to Andy Greenberg of Forbes Miller plans to expose the flaw and also provide a fix at next month’s Black Hat security conference. The problem concerns the chips that control the batteries.
Laptop batteries of today’s devices now have a chip which monitors the power level of the unit. This allows the operating system and charger to keep a check of the battery and respond accordingly, and allows lithium ion batteries to know when to stop charging if the unit is powered off.
The trouble is the batteries chips come with default passwords, so if anyone manages to discover the passwords they may be able to control the chips firmware. The hacker could then potentially ruin the batteries or implant them with hidden malware which could infect the laptop. Miller said “These batteries just aren’t designed with the idea that people will mess with them”. But the trouble is it is possible.
Passwords were discovered by Miller which are used to alter Apple laptop batteries, by studying a 2009 software update Apple had used to fix a problem with MacBook batteries. Once accessed he was able to change the chips firmware and make it give out whatever readings he wanted.
Miller managed to permanently brick seven batteries at a cost of $130 a piece during his tests. But if criminals managed to install malicious malware that infects the rest of the laptop, they could control its functions, cause it to crash, or steal data. The battery’s firmware would be the last place most IT administrators would look for an infection, and if not found it could re-infect the computer again and again.
Miller has worked to fix the problems and at the Black Hat conference plans to release a tool for Apple users called Caulkgun. This will change the battery firmware passwords to a random string which will then prevent the attack from happening. The research has been sent to both Apple and Texas Instruments by Miller to highlight the problem to the companies.
Are you concerned about the possible vulnerability of Apple’s laptop batteries?