A renowned security researcher has discovered that the micro-controller that monitors the power level of an Apple laptop can be compromised to allow a hacker to run code on it and potentially even cause the battery to explode.
Security expert Charlie Miller, notorious for his hacking feats against Apple systems, reportedly examined the batteries in several MacBooks, MacBook Pros and MacBook Airs, and found an alarming vulnerability.
The researcher has found that the batteries’ micro-controller chips ship with default passwords. Once a hacker learns that password, they can learn to control the chips’ firmware and potentially hijack them.
Bad scenarios proposed by Miller include permanently ruining the battery, implanting it with hidden malware that infects the computer regardless of what is contained on the hard drive, and even potentially causing the battery to heat up or catch fire.
According to the security researcher, a hacker could well cause the laptop’s battery to explode.
“These batteries just aren’t designed with the idea that people will mess with them,” Miller said. “What I’m showing is that it’s possible to use them to do something really bad.”
Miller found the passwords used to access Apple batteries by reverse-engineering a 2009 software update from Apple tasked with fixing a problem with MacBook batteries.
“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would re-attack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” said Miller.
Miller plans to publicly disclose the flaw, and provide a fix at the Black Hat security conference in August.
An employee of security firm Accuvant, Miller will most likely provide the fix to Apple first, so that the Cupertino company is able to patch the vulnerability before it’s too late.