Home Business IT Security Apple laptop batteries are the new attack vector

What many users don't realise is that there is executable code in the battery of their Apple laptop device.  It even has a password that the Operating System uses to communicate securely with it.  Think about it - how else can the battery instruct the computer that it has enough charging (thanks very much) and in fact that it really is a genuine Apple-authorised battery, not some fly-by-night unit that doesn't have the Apple kiss of life.

Charlie Miller was able to decompile an Apple update in 2009 that dealt with the battery and from that extracted two passwords used to validate firmware updates to the battery.  He found that Apple offered no way to change these default passwords.

"You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery." says Miller.

Of course next, we'll hear that the smarts in toner cartridges are conspiring to defraud us of useful toner levels!

As part of his research, Miller developed an antidote called "Caulkgun" which changes the battery password to some random string, but of course that would stop future battery-related updates from Apple being applied.

"No one has ever thought of this as a security boundary," says Miller. "It's hard to know for sure everything someone could do with this."

Other researchers chided Miller for the chance he might blow something up, but three things stopped him.  At $US130 each, his personal credit card stopped after he'd 'bricked' seven batteries; working from home, he had something of a pathological fear of blowing his place up and finally, when opening one of the bricked batteries he discovered that fuses inside would stop them charging if the temperature was too high.

 

Miller is presenting his findings at the next Black Hat Congress in Las Vegas in August.

FREE - SYDNEY & MELBOURNE BUSINESS INTELLIGENCE EVENTS

The Holy Grail of the Business Intelligence (BI) industry – pervasive deployments and widespread end-user adoption – has remained an illusive dream for years. Until now!

REGISTER & SECURE YOU PLACE / BRING A FRIEND

Melbourne - venue Captain Melville’s CBD 2:30 – 6:00pm, Tuesday 28th April

Sydney - venue Redoak CBD 2:30 – 6:00pm, Thursday 30th April

DON'T MISS OUT - MELBOURNE REGISTER NOW!

DON'T MISS OUT - SYDNEY REGISTER NOW!

FREE WHITEPAPER - RISKS OF MOVING DATABASES TO VMWARE

VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!

DOWNLOAD!

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

Connect