Charlie Miller – researcher at Accuvant Labs exposes a security hole that can allow hackers to install malicious software using the batteries in laptops like Apple’s Macbook line, this includes the newly updated Macbook Air, and Macbook Pros. According to Miller, these batteries includes a chip with built-in firmware that communicates with the operating system for optimum battery life and performance. The firmware is protected with a default password, and anyone who knows the password can modify the firmware allowing it to install malicious software on your Mac, steal personal information, send wrong information to the OS that
could possibly make the battery explode, get bricked and rendered useless. Although these MacBook batteries includes a failsafe circuitry that breaks the circuit at extreme temperatures to prevent possible explosion, Miller believes that it’s still possible to blow up the device remotely.
The good news is that the hole can be fixed by creating a random password to lock the firmware and prevent possible access to the battery controller. This however will also prevent Apple from installing legit software updates. Miller calls this patch as “caulkgun”, and will be presented at the Black Hat conference this August. Apple can simply release a firmware update that will fix the issue, but until then Miller’s Caulkgun patch will save you from exploding batteries.
Read the entire story at Forbes Blog.
via MSNBC, thanks Grace.
Leave a Reply