Researcher Claims Apple Batteries A Potential Security Risk
Miller will present his findings and provide a solution at the upcoming Black Hat conference, which runs from July 30 - August 4 in Las Vegas. General details, however, are -already available. Modern 'smart' batteries contain microcontrollers that monitor battery capacity, ensure that the storage cell isn't ever overcharged, and are capable of a certain degree of thermal management. Unfortunately, the batteries in at least some Macbook, Macbook Air, and Macbook Pro systems were all shipped out using default username/passwords.
As if all the ways people might be spying on you normally isn't freaky enough, now the call is coming from inside the house
Miller was able to reverse engineer the necessary data by analyzing a 2009 update Apple pushed out to address Macbook battery concerns. According to Forbes, he's since been able to force the battery to report whatever charge level he ordered it to show, and report the battery as having failed when it hadn't done so. He's also had no trouble deliberately killing batteries and has completely re-written the firmware to demonstrate how it could be used to conceal malware in an area virtually no one—even experienced IT staff—would ever think to look.
“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery." Miller told Forbes. The researcher, who has worked for the National Security Agency, acknowledged that the use-the-battery-as-malware-storage trick would need an additional vulnerability in order to hook into the operating system. He noted, however, that "Presumably Apple has never considered that as an attack vector, so it’s very possible it’s vulnerable.”
As hacks go, this is one of the more interesting we've heard of. As recently as a few years ago, even the smartest of smart batteries wouldn't have had enough on-device ROM to store "Hello World," much less any form of malware. Apple has yet to comment on the situation; Miller's presentation will likely contain additional info on which laptop models are affected. He's also developed a tool--nicknamed Caulkgun--that laptop owners can use to randomize their password and prevent this sort of attack, but warns that it comes with a caveat. Locking the battery down in this manner would also prevent Apple from implementing any of their own updates or changes, and could possibly lead to headaches down the line for legitimate customers in need of warranty service.