MacBook battery firmware vulnerable to hijacking or worse

Well-known Mac security gnat Charlie Miller, a researcher at the consultancy Accuvant and co-author of The Mac Hacker’s Handbook, says he has found a hole in MacBook security through a little-studied area: the battery.

According to a Forbes article, Miller says the easily overlooked weak point in an Apple laptop’s security, be it MacBook, MacBook Air or MacBook Pro, is the firmware in the chip that controls the battery. This microcontroller monitors power levels in a modern laptop and lets the OS check the battery’s charge; it also regulates heat and stops charging when the computer is off.

Miller’s MacBook vulnerability stems from the fact that these chips ship with default passwords. Anyone who learns those passwords can take complete control of the firmware. The Accuvant researcher says he found the two passwords while examining a 2009 software update that was intended to fix a problem with MacBook batteries.

With these keys to the firmware, he gained the ability to tell the OS and charger whatever he wanted. Miller ended up bricking seven batteries while experimenting, and he believes that criminals with malicious intent could install persistent malware on the chip that would steal data or cause the computer to crash.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” he says.

Though there may be potential for the batteries to catch fire and even explode, the researcher says the batteries he has examined have safeguards in place that should prevent any serious damage. Miller plans to disclose the vulnerability, and provide a fix for it, at the August Black Hat security conference. He says he will release a tool called the “Caulkgun” that randomizes the firmware passwords, protecting against exploitation.