Apple hacking PWN2OWN supremo and security researcher Charlie Miller is preparing to reveal just how to hack an Apple MacBook battery. Yep, you read that right: Apple battery hacking could be coming to a MacBook near you soon. Well, near you if you happen to be in Las Vegas for the annual Black Hat conference in August that is. Otherwise, DaniWeb suspects you probably won't see any such thing.

Miller, the principal research consultant with Accuvant Labs, says he will demonstrate how to reverse engineer both the MacBook embedded controller (that controls battery charging) firmware and the firmware flashing process in order to completely reprogram the smart battery itself in effect. Something that Miller reckons could enable hackers to overcharge the battery to the point of potentially causing a fire.

The word to focus on here is 'potentially' though as, to the best of our knowledge, Miller has not been able to set fire to a battery or explode a MacBook as of yet using this particular hacking technique.

That said, the concept of being able to factory reset the battery controller to any defaults you like is an interesting one, especially as the changes made will be persistent and able to survive an OS reinstall. Malware authors will, no doubt, be listening carefully at Black Hat in August.

Tal Be'ery, Web security research team leader at Imperva, has been taking notice already and told DaniWeb that while the vulnerability is certainly an original one that reflects the deep security knowledge of the researcher, he doesn't expect to see it in the wild as it would require physical access to the battery itself and makes no economic sense to the bad guys. "Why would hackers invest time and money in the R&D of a new tool" Be'ery told DaniWeb, continuing "a new tool that would cost 130$ per deployment (the cost of a battery) and be only relevant for a very selected group (specific battery model of apple laptops) and require physical access when they can infect millions of machines using OS exploits and social engineering with a very low cost per infection - without even getting up from the couch?"

So should you be worried about the bad guys making your MacBook go bang? No, not according to Be'ery: "The general public should not be worry with this super cool attack - but invest in protection from the usual threats - by installing Antivirus software and being aware of social engineering attacks."

185 Views
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Member Avatar
Member 949455

So should you be worried about the bad guys making your MacBook go bang? No, not according to Be'ery: "The general public should not be worry with this super cool attack - but invest in protection from the usual threats - by installing Antivirus software and being aware of social engineering attacks."

Interesting article.

I think OS X / Macbook has a software includes protection from viruses and malware.