As a Mac user, I speak with dozens of other Mac OS X users every day, and typically come to conversations with them in regards to Windows and how” unsafe and insecure” it is when it comes to infections from viruses. It’s a common illusion that Macs are totally secure, and that they cannot be harmed, which isn’t entirely the case. Anything with an internet connection can be hacked into and harmed, and in this case… the hack can come from the most unlikely of places!

At the Black Hat security conference in August, a man named Charlie Miller plans to expose a very big security flaw that he uncovered while messing around with a software update in 2009 that was released by Apple. The update was meant to fix certain battery issues. Miller seen this as an opportunity to explore. He researched and dug into a very little-known place in computers: the chips within the batteries.

You see, modern laptop batteries actually have micro-controllers within them that do all sorts of monitoring within the unit, and this allows the operating system as well as the charger plugged into the wall to act the way they were designed to act, and respond to power levels as needed. When your laptop is fully charged, for instance, the amount of power feeding into your computer is far less than when it’s dead and plugged in. It’s regulated by microprocessors, which send data to the appropriate places that help regulate the battery. This is extremely necessary, and it’s the prime reason why your computer knows when it’s fully charged, and when not to juice itself up so much when the unit is powered off. Simply put: Your battery has a brain too.

However, Charlie Miller went on and examined several Macs, and he found a disastrous vulnerability. The chips within the batteries are shipped with default passwords, and anybody who found out this password (not difficult) and got into the system could literally play around with anything they wanted in regards to your laptops sole ability to function, and even go as far as to render a battery permanently “bricked”, meaning it could essentially turn it into a $130 paperweight.

Hackers could also do other terrible things to the battery, such as installing malware into the chip, which could easily infect the computer and repeatedly hammer it with whatever malicious code they chose. If they wanted to be really mean, they could disable any and all functions that allow the battery to know its limits, and juice it up fast enough to overheat quickly. Think about it… you thought Windows viruses and Malware was bad? – At least those don’t make your battery explode while you are using it. Ever been PHYSICALLY harmed by a computer infection?

“These batteries just aren’t designed with the idea that people will mess with them. What I’m showing is that it’s possible to use them to do something really bad.” (Forbes)

Forbes goes into detail on the matter, describing how Miller went about finding the vulnerability, and what he was capable of, using this knowledge:

Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with Macbook batteries. Using those keys, he was soon able to reverse engineer the chip’s firmware and cause it to give whatever readings he wanted to the operating system and charger, or even rewrite the firmware completely to do his bidding.

Miller apparently bricked seven batteries in the process of finding the exploit. This security vulnerability would likely not even be found by normal IT guys, and repair people. I mean, who checks the battery? Would a normal buy behind the desk at GeekSquad be able to figure this one out? If they didn’t, and instead decided to simply reinstall the OS, or remove files to try and help it, it wouldn’t help, and the damn battery would just continue to hit you with everything it’s got! (This is all hypothetical of course, as an attack of this nature hasn’t ever happened).

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.”

Honestly… has Apple even considered this as a threat to an attack? Miller says that he wasn’t about to go making explosions while working in his home, but claims that it’s “very possible” to input code remotely, using this exploit, that would trigger an explosion of another workstation.

Consider for a moment the effects this would have on you. There you are, sitting in your chair working on some term paper that you don’t give a crap about, when suddenly you notice your computer is very hot. You pull away from it briefly, but think to yourself “this thing has gotten hot before… no worries, that’s what the fan is for.” You continue typing, but you really don’t feel good about it. It gets to the point of grave concern before, without any apparent reason at all, busting out and exploding on the desk, catching fire to nearby papers and such (or the desk itself, if you got a wooden desk that’s flammable) Granted, I don’t know exactly how bad the battery could really damage you, considering Apple has safeguards built within the battery to prevent explosions from occurring (such as fuses made of an alloy that separates at high temperatures, breaking the circuit to prevent further damage).

Still though… Miller says with this type of access and control, “you could presumably do it.”

The good news is that there is a cure for this insane security exploit. Miller has a way to patch it up for good, and he’s expected to give his rundown on the matter at the BlackHat Security Conference in August. He’ll detail how he found it, what it is, and most importantly, how to prevent it from becoming and issue. He calls his fix “Caulkgun” and he’ll be giving details to everyone, including Apple of course, on how this gets taken care of quickly. Miller’s Caulkgun fix essentially randomized the default password for you, so that hackers can’t get into it anymore using the exploit he found. The only negative to this fix is that this also keeps Apple out of the battery as well. While you may not care about that so much, remember that it’s updates such as the one Miller tore apart that help maintain battery life and performance sometimes. This would prevent future firmware updates for your battery as well.

Just gotta hope your battery works good as it is then, right? Of course, as we can easily expect, Apple will undoubtedly jump on this, if they haven’t already, and may have a fix of their own coming as well.

That shit is scary though. Mac users… your OS may be safer from attack due to being a part of a smaller community (and being less work a hacker’s time and effort), but don’t think that you are immune. You aren’t.

This also doesn’t mean that PC users are immune to this type of thing either. Batteries all have mostly the same components, including chips that help regulate the system’s power. Windows PCs, and Linux systems alike, could all be vulnerable to this. It just so happens, however, that a series of Macs were used in finding this.

Sources: (Forbes, Engadget)

HotTips! Readers: Get Great VPS Wordpress Hosting Cheap!

HotTips! Readers can enjoy great savings with a hosting package at Pryor Media! Your WordPress website will never be that slow-loading junk that you get with shared hosts! Learn what makes Pryor Media’s WordPress Hosting different from the rest, and use coupon code “HOTTIPS” to save 20% off of your hosting subscriptions!

Learn More Here