Yeah, you read that right. A security researcher by the name of Charlie Miller has managed to hack batteries belonging to Apple’s Macbook line of notebooks and has uncovered a potential vector for malware and viruses that hasn’t been approached before. “These batteries just aren’t designed with the idea that people will mess with them,” Miller says. “What I’m showing is that it’s possible to use them to do something really bad.”
Modern notebook batteries aren’t in the same league with batteries you buy for your flashlight at the store – they usually have a microcontroller embedded in them that monitors the charge level of the unit, allowing the operating system and the hardware to know when to stop charging once it’s full. Miller discovered that the chips that come with both Macbooks and Macbook Airs ship with default passwords on them, which potentially could allow anyone who know the default passwords to infiltrate and re-purpose them for nefarious purposes, including bricking your battery on purpose, making it overheat till it caused a fire and more. It would even be possible to put in malware, and you’d probably wouldn’t even know if you were infected. Even if you did, it (the malware) would be extremely difficult to remove. “You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” Miller says.
For his part, Miller’s already contacted Apple and Texas Instruments about the potential vulnerability, and is releasing a fix for the issue code named “Caulkgun” at the Black Hat security conference in August. Caulkgun changes a users’ battery firmware’s passwords to a random string so that would be attackers won’t be able to compromise your system that way.