If you are looking for security holes on your laptop, there is a new place to check: the battery. According to a study of laptop batteries conducted by security researcher Charlie Miller, the built-in controllers on laptop batteries can be hacked because some manufacturers, including Apple, do not change the passwords that prevent changes to the firmware of the smart battery system.
The data that senior security researcher Charlie Miller will present at the Black Hat conference next week show that Apple batteries have two fixed passwords that allow the company to update the firmware of the laptop. Unfortunately, these passwords make the smart battery system hackable.
Miller, senior security consultant at Accuvant, dismantled the batteries, identified their components and found that the batteries sold to Apple have a default password for unlocking and another recognizable password for accessing the firmware. With these two passwords, you can monitor the communication between the laptop and the battery, and run your own programs.
“I definitely completely destroyed this first and most important level of protection,” says Miller. “The main brain of an operation is a chip, and I can control it now.”
In a research white paper, Miller described a smart battery system consisting of three microcircuits, two of which protect against possible electrical problems. In addition, each battery cell has a thermal fuse that disconnects the power supply to and from the cell when its temperature is too high.
Batteries are delivered in locked or closed mode, but the default password in the battery manufacturer’s specifications allows you to unlock the battery, says Miller. While reverse-engineering the MacBook battery update, Miller found a password that allows full access to the system.
While Miller limited his research to MacBook batteries, it could be applied to laptops other than Apple's. Nevertheless, he tested one non-working battery and found that the manufacturer used a non-standard password, which limited his ability to hack the system.
Miller had no problems disabling batteries, but he did not fulfill his original plan: to overheat or even blow up laptop batteries. “I can definitely do this so that the battery stops responding,” he says. “I’ve done it seven times already.”
In the end, Miller discovered that he could rewrite the firmware of the smart battery so that the battery responded as an attacker wanted. He suggested that a program could be installed on the battery that allows malware to survive a clean installation of the system, turning the battery into a place where attacks can be hidden.
Although Miller’s research did not reveal any “explosive” vulnerabilities, the study shows that testing hardware components can be fruitful even for software hackers, says Joe Grand, senior electrical engineer for Grand Idea Studio and a well-known hardware hacker.
“The only thing that really illustrates Charlie’s work is the combination of hardware and software,” Grand says. “To crack hardware, you no longer need to be a hardware guy, you can be a software developer, all these embedded systems are just small software systems, small computers.”
However, it is unlikely that attackers will focus on laptop batteries. According to Grand, there is no real profit motive in laptop smart batteries.