Friday, 22 July 2011

MAC: Security so bad, even your battery can get hacked

There's your problem, it's a virus!
   Charlie Miller's managed yet again to render several Macbooks, Macbook Pros and Airs useless after gaining total access to their battery's micro-controllers' firmware via a security hole. Evidently, the Li-ion packs for the line of laptops are accessible with passwords he dug up from an 2009 software update. He mentions that someone could "use them to do something really bad," including faulting charge-levels and thermal read-outs to possibly even making them explode. He also thinks hard-to-spot malware could be installed directly within the battery, repeatedly infecting a computer unless removed.
“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.”
Have there been two years already?
     Miller has worked to fix the problems he’s exposing since Apple is likely to do nothing. At Black Hat he plans to release a tool for Apple users called “Caulkgun” that changes their battery firmware’s passwords to a random string, preventing the default password attack he used. Miller also sent Apple and Texas Instruments his research to make them aware of the vulnerability. I contacted Apple for comment but haven’t yet heard back from the company.
    Implementing Miller’s “Caulkgun” prevents any other hacker from using the vulnerabilities he’s found. But it would also prevent Apple from using the battery’s default passwords to implement their own upgrades and fixes. Those who fear the possibilities of a hijacked chunk of charged chemicals in their laps might want to consider the alternative, especially since Apple's products are engineered not to last more than 2 years, the updates you might get "might" not be the best ones.

Via: Forbes