Post Reply 
Researcher hacks the batteries of Apple’s MacBook to allow persistent malware
Author Message
Joom
WOOP
Worlds End

Posts: 4,206.7320
Threads: 417
Joined: 20th Mar 2009
Reputation: 5.41709
E-Pigs: 134.1772
Offline
Post: #1
Researcher hacks the batteries of Apple’s MacBook to allow persistent
Quote:A security researcher has found a way to install persistent malware or disable the battery system of Apple's MacBook line.

Former National Security Agency employee Dr Charlie Miller has discovered a way to gain control of the microprocessor embedded in MacBook batteries, which could allow the installation of virtually undetectable malware, or simply destroy the entire unit.

"You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery." Miller told Forbes.

The attack is possible because Apple's batteries ship with default passwords, which Miller discovered by reverse-engineering a 2009 software update Apple issued for its MacBook line. After discovering the passwords he then bricked seven batteries while discovering the capabilities of the embedded system.

Malware installed on the battery would still need to find a weakness to cross into the operating system, but Miller said this was unlikely to be a problem, since the system did not appear to have been designed with security in mind.

Besides malware and bricking, Miller discovered how to use the controller to raise the temperature in the battery. In practice safety fuses would most likely burn out before the device exploded, since most recorded instances have involved contaminants in the battery power supply such as metal fragments, but the possibilities for mischief were there.

"These batteries just aren't designed with the idea that people will mess with them," Miller said.

"What I'm showing is that it's possible to use them to do something really bad."

Both Apple and Texas Instruments have seen his research and he will be showing the full data at the Black Hat security conference in August. He will also be releasing a tool called Caulkgun which generates random passwords for the MacBook's battery, although this could block later patches by Apple.

Miller, currently a researcher with security advisors Accuvant, has a long history of unusual hacks. In 2008 he was part of a team that hacked Android for the first time and has won prizes at CanSecWest for cracking the MacBook Air in under two minutes and repeatedly hacking Safari.

Apple Sauce

Lol @ Apple

[Image: ROVBdMh.png]
3DS Friend Code: 5000-6045-4964
25/07/2011 12:49 AM
Find all posts by this user Quote this message in a reply
I ♥ GUCCI
I ♥ POOP

Posts: 991.7700
Threads: 20
Joined: 4th Jun 2011
Reputation: 3.37413
E-Pigs: 28.4520
Offline
Post: #2
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
(25/07/2011 12:49 AM)Joom Wrote:  Lol @ Apple
Exactly:)

[Image: stickerw.png]
GUCCI?
Well that too! BUT Not exactly the brand GUCCI!
GUCCI is what I call the girl I'm in ♥ with :)
It's kind of like her pet name!
LOL :)
25/07/2011 12:51 AM
Find all posts by this user Quote this message in a reply
S7*
Sweet Dreams

Posts: 16,689.4373
Threads: 1,056
Joined: 3rd Apr 2007
Reputation: 14.29926
E-Pigs: 383.2289
Offline
Post: #3
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
(25/07/2011 12:49 AM)Joom Wrote:  
Quote:"What I'm showing is that it's possible to use them to do something really bad."

Really now?

Will be interesting to see if this will be used for anything... err... interesting.
25/07/2011 01:05 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA
Smart Alternative

Posts: 17,023.4213
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.0333
Offline
Post: #4
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
In all seriousness, it's nothing that great IMO.  Interesting that it's a battery, but in reality, many things have firmwares (CD drives, HDDs etc) which are updateable, so you could theoretically hide malware in there too.
25/07/2011 01:26 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Silvertie
Older, less cringe, still mad.
Fractal Insanity

Posts: 1,016.3688
Threads: 32
Joined: 9th Jun 2009
Reputation: -5.33618
E-Pigs: 32.7022
Offline
Post: #5
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
But batteries are the last place you'd look for something causing malware symptoms, so this is pretty cunning.

Good thing I don't have apple products. But seriously, standard default passwords? Why not a password based on the S/N of the battery itself?

"Books! I've read several on the subject!"
[Image: khadorsigfinal.jpg]
Silvertie: The Blog | A Door In Nowhere: The Webcomic
25/07/2011 02:39 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Darksidehearts
Able One

Posts: 99.2565
Threads: 1
Joined: 24th May 2011
Reputation: 0.76198
E-Pigs: 5.3375
Offline
Post: #6
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
I wonder if this would this effect the older versions of the Macbook? I'll admit it does have me a bit worried, I have had my Macbook Black since 2006 and have always loved using it.
25/07/2011 07:03 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ZiNgA BuRgA
Smart Alternative

Posts: 17,023.4213
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.0333
Offline
Post: #7
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
I probably wouldn't be that worried.  First, some malware needs to gain control of your system before it can even try to write to the battery's firmware.

What I'm surprised is why the firmware is writeable at all.
25/07/2011 07:17 PM
Visit this user's website Find all posts by this user Quote this message in a reply
eKusoshisut0
NOIDED

Posts: 6,288.3965
Threads: 102
Joined: 6th Mar 2010
Reputation: -0.51929
E-Pigs: 174.7326
Offline
Post: #8
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
Good.. phase 1 is complete.

[Image: tumblr_mlae69vAW21rmerh9o1_400.gif]


More stuff
Steam Page
[Image: K7UVN.png]
Thanks to Vacui_Natale for making this awesome siggy.
[Image: cq8au.gif]
Thanks to Natalie for this sexy Mawaru Penguindrum sig. <3
[Image: ofusT.png][


    
[Image: 9252_s.gif]

25/07/2011 09:31 PM
Find all posts by this user Quote this message in a reply
Darksidehearts
Able One

Posts: 99.2565
Threads: 1
Joined: 24th May 2011
Reputation: 0.76198
E-Pigs: 5.3375
Offline
Post: #9
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
Lol, well I suppose I just have to be careful as always. This reminds me of a similar hack that destroyed the Dreamcast via PSO, I was getting afraid everytime I logged on. It's scary what some people can do with technology but that's the risk living in the online world.
25/07/2011 10:25 PM
Visit this user's website Find all posts by this user Quote this message in a reply
andrewcc
OMG they killed Kenny!
Worlds End

Posts: 2,493.2479
Threads: 305
Joined: 5th Sep 2007
Reputation: 1.43435
E-Pigs: 49.4291
Offline
Post: #10
RE: Researcher hacks the batteries of Apple’s MacBook to allow persist
wow... and i still know people who'll defend mac's "no viruses" argument till their death......

[Image: spideysigcopycopycopy.png?t=1308548347]

[Image: ccandrew.png]



Object Link

Click here to view embedded webpage

Please note that by activating this feature, there may be undesirable consequences


Page: http://bandcamp.com/EmbeddedPlayer/v=2/track=2423211127/size=venti/bgcol=FFFFFF/linkcol=4285BB/
(This post was last modified: 29/07/2011 05:22 AM by andrewcc.)
29/07/2011 05:22 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

 Quick Theme: