WIRED Security Latest

Silicon Valley & Technology - Voice of America

InfoWorld Security

The Register - Security

IEEE Spectrum Computing Channel

Cyberlaw - Stanford Center for Internet and Society

Help Net Security - News

Jul 24, 2011

Apple Laptops Battery Vulnerability


Charlie Miller, a well known and respected computer security researcher, made news last week when he announced that he found an Apple battery vulnerability which could give an attacker the power to invade a Macbook.

Modern laptop batteries include a microcomputer that takes care of charging, protecting from overheating, and regulating all functions the battery supports. This vulnerability could open a hole into the program running on the microprocessor, so that an intruder can manipulate the battery operations, and possibly take control of the computer itself. Miller examined the batteries in some Apple products, and found disturbing evidence in Macbooks, Macbook Airs, and Macbook Pros, supporting that a malicious hacker can hijack the microprocessor that controls all battery functions. As the news sources report, this is possible because the battery chips are shipped with the default passwords, so that anyone can guess how to enter into the microcomputer program.

In theory this means that a hacker can choose to drain the battery, overheat it, or even explode it with unpredictable results. What's more, he can even find a way into the computer itself.

Well, this is unsettling news, but let's not panic, yet.

To my understanding, Miller has found that it is possible to load malware code into the battery chips, but he has not found yet how to transfer code from the battery microprocessor to the computer itself and take control of a Macbook. Also, although a battery explosion is a theoretical possibility, the researcher has not actually caused an explosion by exploiting this vulnerability.

In the coming Black Hat Security Briefings Conference next August, Charlie Miller plans to publicly present his findings, possibly give more proof of concept of these dangers, and offer a fix to this vulnerability.

However, with some imagination, one can figure what would happen if a chain of pirate Apple stores, also in the news last week, expand their operations and alliances with rogue manufacturers of malware loaded electronic chips, and start delivering fake Macs in the world markets.

IEEE Annals of the History of Computing

Here's a phish you might not spot - 60 Sec Security

Hackaday Blog

Biggest Information Security and Cybersecurity Misconceptions

Computer History Museum Videos

Slashdot: Your Rights Online

Public Key Cryptography: Diffie-Hellman Key Exchange

ComputerWeekly.com - When IT Meets Politics

Nextgov.com News Articles

Electronic Privacy Information Center

SecurityWeek

European Public Policy Blog