Apple batteries can be hacked, says researcher

It's possible to hack Apple MacBook batteries, but you might not be able to blow them up just yet.

Apple MacBook

It is possible to hack Apple MacBook batteries, with the potential to set them on fire, notable security researcher Charlie Miller believes.

Miller will talk about how to compromise an Apple battery by taking over its "embedded controller" at the Black Hat conference in Las Vegas next month.

That controller the chip responsible for charging the battery - is used in a large number of MacBook, MacBook Pro and MacBook Air laptops.

Advertisement - Article continues below

"I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller," explained Miller, who currently works as Accuvant Labs' principal research consultant.

"In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware."

He said hackers with the ability to control a working smart battery could cause safety issues, such as overcharging or fire.

To hack the hardware, Miller found he first needed to crack a four-byte password needed to unlock the battery from "sealed mode," Kaspersky's Threat Post reported.

Advertisement
Advertisement - Article continues below

He then had to find another password to gain full control of the battery.

Advertisement - Article continues below

"You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery," Miller said.

"You'd need a vulnerability in the OS or something that the battery could then attack, though."

Despite his best intentions, Miller was unable to make the battery explode or set on fire.

He will release a tool at the Black Hat conference to change default passwords on the battery's chip so the hacks will no longer work and the device will be permanently locked in sealed mode.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020
Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020