Apple Laptops Vulnerable To Battery Firmware Hack 272
Trailrunner7 writes "Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple's iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road. Miller discovered the default passwords set on the battery at the factory to change the battery into unsealed mode and developed a method that let him permanently brick the battery as well as read and modify the entire firmware. 'You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though,' Miller said."
Why? (Score:5, Insightful)
In other news - batteries have firmware.
Firmware should have a write-enable switch (Score:5, Insightful)
This is just one more reason why software that's not designed to be frequently changed should be write-protected unless the user sets a specific hardware switch.
If the hardware switch is in its default location - "protect" - it should be mathematically provable that the firmware cannot be overwritten.
Re:Physical access? (Score:3, Insightful)
I'm not worried, mine has never been anywhere near a Chinaman.
Re:Why? (Score:4, Insightful)
You got it right the first time - to control the charging process. That is the "non predatory" reason that lithium ion batteries have chips in them, and it is *absolutely* not unique to Apple.
Don't let facts get in the way of a good Apple bash though!
one hack to ruin them all.... (Score:4, Insightful)
If it's a problem at Apple then it's a problem with a number of other hardware devices that use the same battery controllers, so your windoze laptops isn't safe either. Someone could also hack my Logitech Mouse and brick it too, or any number of peripherals that have upgradeable firmware, like my router, printer, keyboard, the list goes on.
Decades old news (Score:4, Insightful)
BTW, Apple batteries have had firmware for the last 10-15 years, so your info is a little late.