Apple hacking PWN2OWN supremo and security researcher Charlie Miller is preparing to reveal just how to hack an Apple MacBook battery. Yep, you read that right: Apple battery hacking could be coming to a MacBook near you soon. Well, near you if you happen to be in Las Vegas for the annual Black Hat conference in August that is. Otherwise, DaniWeb suspects you probably won't see any such thing.
Miller, the principal research consultant with Accuvant Labs, says he will demonstrate how to reverse engineer both the MacBook embedded controller (that controls battery charging) firmware and the firmware flashing process in order to completely reprogram the smart battery itself in effect. Something that Miller reckons could enable hackers to overcharge the battery to the point of potentially causing a fire.
The word to focus on here is 'potentially' though as, to the best of our knowledge, Miller has not been able to set fire to a battery or explode a MacBook as of yet using this particular hacking technique.
That said, the concept of being able to factory reset the battery controller to any defaults you like is an interesting one, especially as the changes made will be persistent and able to survive an OS reinstall. Malware authors will, no doubt, be listening carefully at Black Hat in August.
Tal Be'ery, Web security research team leader at Imperva, has been taking notice already and told DaniWeb that while the vulnerability is certainly an original one that reflects the deep security knowledge of the researcher, he doesn't expect to see it in the wild as it would require physical access to the battery itself and makes no economic sense to the bad guys. "Why would hackers invest time and money in the R&D of a new tool" Be'ery told DaniWeb, continuing "a new tool that would cost 130$ per deployment (the cost of a battery) and be only relevant for a very selected group (specific battery model of apple laptops) and require physical access when they can infect millions of machines using OS exploits and social engineering with a very low cost per infection - without even getting up from the couch?"
So should you be worried about the bad guys making your MacBook go bang? No, not according to Be'ery: "The general public should not be worry with this super cool attack - but invest in protection from the usual threats - by installing Antivirus software and being aware of social engineering attacks."
