A few months ago a considerable amount of Mac users were plagued by Mac Defender malware, but a new security researcher is reporting the battery in most Apple laptops has a serious vulnerability as well and the microcontroller inside the batteries for Macbook, Macbook Pro, and Macbook Air laptops are all vulnerable to the security hole. That change began in 2009 with the 17-inch MacBook Pro and trickled down to the other models, resulting in considerable battery life gains at the expense of easy replacement………..
Charlie Miller‘s latest discovery is a hack found where no one else would ever bother looking: the battery of an Apple laptop and he is well-known and active hacker due to his regular hacks of popular web browsers at CanSecWest. The chip monitors the battery’s temperature and level of charge, among other things. Those chips can be remotely controlled by hackers using a default password that Miller found on a website of the chip’s creator, Texas Instruments. Apple never changed the default password, Miller said. Miller‘s discovery, first reported by Forbes.com, is the latest potential security flaw found in Apple‘s product line. Earlier this month, security experts disclosed a bug in Apple’s iOS operating system that could allow criminal hackers to gain remote access to iPhones, iPads and iPod Touch devices, Reuters reported. Apple said it is fixing that issue in an upcoming software update. Miller found he could ruin laptop batteries by altering the chip’s code. Not wanting to set his home on fire, Miller stopped there. But he imagines darker possibilities for hackers if Apple does not fix the security flaw.
For example, hackers could install malware on the battery that would not be detected by anti-virus software because it would not appear on the hard drive, he said. The malware could attack the laptop’s operating system again and again, even after the user installed a new hard drive. Miller, a former security researcher for the National Security Agency, said it’s possible that Apple has taken extra security measures to prevent that from happening, or worse, causing a battery to overheat and catch fire. He said he reported his findings to Apple but did not hear back. An Apple spokeswoman did not return a call for comment. Since his discovery, Miller said he has received some criticism. “People thought maybe I had blown up batteries, but I haven’t blown up anything,” he said. “It’s a step in that direction, but I don’t really know what all the implications are.” Miller said he wrote a paper on the security flaw that he plans to present at the Black Hat security conference in August in Las Vegas, where he also plans to unveil a solution called a “Caulkgun” that changes the battery’s default password. While the security flaw presents a potential danger, Miller said most users should not be overly concerned about a hacker taking over their laptop battery.