Monday, 25 July 2011 03:15

Apple laptop batteries are the new attack vector

By David Heath

Charlie Miller, a well-known security researcher in the Apple space, has found that your MacBook battery may well be out to get you (if you don't get it first).

Charlie Miller, a winner at the last four Pwn2Own challenges, has expanded our view of the Apple world yet again.

Well known for his off-the-wall challenges to the (relatively) flimsy Apple security wall, Miller has taken something of a left turn into even stranger territory.

A long time ago, this writer heard of a (hopefully) apocryphal tale of a system administrator who was struggling to locate the source of a security intrusion.  This administrator would reformat drives and the attack would continue; he would even replace the hard disk and it would continue, all the while with no connection to anything but electricity and oxygen.

In the end, he replaced the network card (along with another hard disk) and the problem vanished.  It turned out, after a lot more analysis, that the virus had managed to lodge itself into the unused portion of the EEPROM memory of the network adaptor.

As I said, hopefully apocryphal.

However, Miller's attack is equally obscure and definitely NOT apocryphal.

What he found was that it was possible to access the smarts in the battery of a MacBook and do some very unexpected things.


What many users don't realise is that there is executable code in the battery of their Apple laptop. It even has a password that the operating system uses to communicate securely with it. Think about it: how else can the battery tell the computer that it has had enough charging (thanks very much), and in fact that it really is a genuine Apple-authorised battery, not some fly-by-night unit that doesn't have the Apple kiss of life?

Charlie Miller was able to decompile an Apple update in 2009 that dealt with the battery and from that extracted two passwords used to validate firmware updates to the battery.  He found that Apple offered no way to change these default passwords.

"You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery," says Miller.

Of course next, we'll hear that the smarts in toner cartridges are conspiring to defraud us of useful toner levels!

As part of his research, Miller developed an antidote called "Caulkgun" which changes the battery password to some random string, but of course that would stop future battery-related updates from Apple being applied.

"No one has ever thought of this as a security boundary," says Miller. "It's hard to know for sure everything someone could do with this."

Other researchers chided Miller for the chance he might blow something up, but three things stopped him. At $US130 each, his personal credit card stopped after he'd 'bricked' seven batteries; working from home, he had something of a pathological fear of blowing his place up; and finally, when opening one of the bricked batteries, he discovered that fuses inside would stop them charging if the temperature was too high.

 

Miller is presenting his findings at the next Black Hat Congress in Las Vegas in August.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.
