Are Apple Batteries a Security Risk?
Have you ever thought of your battery as being a security risk to your computer? I admit, it wouldn't be the first thing I'd think of, but apparently, that will be a discussion at next month's Black Hat Conference.
Miller allegedly figured out a way to hack the battery's microcontrollers and shows how this hack can be used to steal data, brick batteries or even cause the battery to catch fire. According to a ZDNet article:
It's an interesting hack. Miller started with a battery firmware update released by Apple a few years ago. Buried within this update he found the password (which turned out to be the default password for the component as set by the manufacturer) and set of commands needed to put the battery microcontroller into ‘full access mode.' This mode allowed low-level access to the controller and offered Miller the chance to make it do things it wasn't supposed to do, such as lie about the charge state of the battery. He also managed to brick batteries — seven in all, each costing $130.
On a Forbes blog, Miller is quoted:
You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.
The folks at Sophos appear to be a bit skeptical about the whole thing, though. First, they don't believe that a battery is any more susceptible to an attack than any other firmware component in the computer, and second, if the battery is manufactured properly, it shouldn't blow up or set the computer on fire.