Apple batteries can be hacked, says researcher

It's possible to hack Apple MacBook batteries, but you might not be able to blow them up just yet.

Apple MacBook

It is possible to hack Apple MacBook batteries, with the potential to set them on fire, notable security researcher Charlie Miller believes.

Miller will talk about how to compromise an Apple battery by taking over its "embedded controller" at the Black Hat conference in Las Vegas next month.

That controller the chip responsible for charging the battery - is used in a large number of MacBook, MacBook Pro and MacBook Air laptops.

"I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller," explained Miller, who currently works as Accuvant Labs' principal research consultant.

"In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware."

He said hackers with the ability to control a working smart battery could cause safety issues, such as overcharging or fire.

To hack the hardware, Miller found he first needed to crack a four-byte password needed to unlock the battery from "sealed mode," Kaspersky's Threat Post reported.

He then had to find another password to gain full control of the battery.

"You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery," Miller said.

"You'd need a vulnerability in the OS or something that the battery could then attack, though."

Despite his best intentions, Miller was unable to make the battery explode or set on fire.

He will release a tool at the Black Hat conference to change default passwords on the battery's chip so the hacks will no longer work and the device will be permanently locked in sealed mode.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Apple doubles down in the US with $430 billion investment
business intelligence (BI)

Apple doubles down in the US with $430 billion investment

27 Apr 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
Qualcomm modem flaw puts millions of Android users at risk
Google Android

Qualcomm modem flaw puts millions of Android users at risk

6 May 2021