UPDATED 16:57 EST / JULY 26 2011

NEWS

Apple Batteries can be Bricked and Attack Computers through Firmware Hack

A rather disturbing discovery recently uncovered by security researcher Charlie Miller tarnishes the high and mighty Apple Mac. According to Miller, Apple laptop batteries can be hacked and set to brick themselves completely. What’s more is that it’s possible to hide malware in the battery’s firmware that’s not identifiable with virus scans, neither is it fixable through complete re-installation of the operating system.

Now how is this even possible? Laptop batteries these days have processors with firmware within for the purpose of managing its communication with the computer. Miller found out that you can access the firmware via examining hotfixes that Apple has been delivering all these years for malfunctioning batteries. From there, you can direct the battery to brick itself. You can set it with faulty commands to provide false battery information to the computer. The farthest you can get with this trick is to hide a malware within the battery firmware, causing it not only to malfunction but to attack the computer itself.

“With physical access, it is possible to reprogram the microcontroller of any USB connectable device—such as mice,” says Kyt Dotson, HackANGLE editor. “Once the microcontroller is reprogrammed many operating systems will allow the compromised mouse access to spaces in the computer’s memory that otherwise might be blocked to ordinary software via its drivers. This allows malware in the mouse’s microcontroller to steal data or even infect the computer. An infected battery isn’t that surprising an outcome.”

Looking at the bright side, it is not possible for this newly-discovered hack to cause Apple batteries to overheat, or explode. Miller’s discovery is based on the Apple battery that is most commonly used in Apple laptop and he will discuss this flaw at the Black Hat conference in Las Vegas next month. The curiosity that led him to this finding was inspired by Barnaby Jack’s ATM hacking talk last year during the same conference.

“The battery has its own processor and firmware and I wanted to get into the chip and change things and see what problems would arise,” said Miller, a principal research consultant at Accuvant.

Not like it’s the first time we were caught off-guarded by a similar discovery. Back in January, researchers at the Black Hat Conference found out that it is possible to hack a laptop by plugging Android smartphones infected with a low-profile Trojan horse via USB. It steals data and has the least chance of being detected by antivirus software. Another such Trojan is called Soundminer. It logs phone calls and records when a person says or dials a confidential number such as credit card numbers.

Google’s also doing its fair share of precaution by deploying a new malware detection system on its search engine to warn a user when he is being intercepted by displaying a large warning sign with a palm faced forward indicating stop. Meanwhile, mobile security company Lookout utilizes big data to predict malware threats.

Indeed, the ability to discover these kinds of things will make something out of you. Notorious iPhone and Sony hacker George Hotz, or GeoHot, for instance, was hired by Facebook because of his superb engineering skills.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU