personae490 @ 2011-12-31 22:36:00
Researcher discovers way to hack Apple laptop batteries
Earlier, we reported on a battery charger that could infect your Windows PC. Now, a security researcher has discovered a way to "infect" the batteries, or rather, the chips that control the batteries, of MacBooks.
Laptop batteries have a microcontroller. That chip allows lithium-ion batteries to regulate their own heat (and hopefully keep, right) and to know when to stop charging, even if the laptop itself isn't on. The chip also allows the OS and charger to monitor the battery.
What Accuvant security researcher Charlie Miller discovered, and what he plans to present at the Black Hat security conference in August, is a way to hack into the microcontroller in Apple laptop batteries. It turns out that the chips in the batteries not only contain firmware that can be altered, they ship with one of two default passwords. With those passwords, anyone could rewrite the firmware to do whatever they want.
It's possible, Miller discovered, to write the firmware in such a way as to brick the battery. In fact, Miller posited, it's possible to write the firmware in such a way as to infect a laptop with malware. IT administrators, not used to thinking of a battery as the vector for malware, could re-image a laptop, only to find it infected again.
That sort of attack would require a vulnerability in the interface between the microcontroller and the operating system, which Miller said may not be much of a problem. "Presumably Apple has never considered that as an attack vector, so it's very possible it's vulnerable," he.
Although Miller found a vulnerability, he also found a fix. At the Black Hat conference, he plans to release a tool called "Caulkgun" that changes the microcontroller firmware's passwords to a random string. He also sent Apple his research so that they would be aware of the vulnerability.
One drawback to randomizing the password, however, is that with the password changed, Apple wouldn't be able to reprogram the firmware in the battery in the event of an issue. For example, if Apple discovered some sort of bug that caused overheating, one which could be fixed via a firmware upgrade, they wouldn't be able to execute that fix on any batteries that have had the password modified.
That's a negative to Miller's fix, but it's up to a user to determine just how big a negative it is. After all, Apple has released firmware updates before for their laptop batteries, and they could do so in the future, as well.
How big is this vulnerability? It's hard to say. Miller said, "No one has ever thought of this as a security boundary. It's hard to know for sure everything someone could do with this."