Updatable firmware could be the new target for hackers

At the upcoming Black Hat conference, security researcher Charlie Miller plans to disclose a way to hack the battery microcontrollers on Apple notebooks and how this hack could be used to brick batteries, steal data or possibly even cause a fire or an explosion.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

A few days ago security researcher Charlie Miller announced that he will disclose information at the next Black Hat conference about how he figured out a way to hack the battery microcontrollers on Apple notebooks and how this hack could be used to brick batteries, steal data or possibly even cause a fire or an explosion.

It's an interesting hack. Miller started with a battery firmware update released by Apple a few years ago. Buried within this update he found the password (which turned out to be the default password for the component as set by the manufacturer) and the set of commands needed to put the battery microcontroller into 'full access mode.' This mode allowed low-level access to the controller and offered Miller the chance to make it do things it wasn't supposed to do, such as lie about the charge state of the battery. He also managed to brick batteries - seven in all, each costing $130.

So, other than bricking batteries (something that a mischievous hacker might be happy doing), what else can be done? Well, Miller thinks that this could be used to install malware onto a system in such a way that it would survive a total disk wipe and BIOS reflash - persistent malware that could only be eradicated through reflashing the affected component.

Now, the researcher (and most of the news pieces covering it) latched onto this being an 'Apple' issue, but in reality it's a problem affecting pretty much anything that has reflashable or updatable firmware. Paul Ducklin, head of technology at Sophos Asia Pacific, had this to say:

So, are Apple laptop batteries the new attack vector? Could a virus set your beloved Macbook on fire?

The answer to the first question is: no more so than any other hardware in your system with field-updatable firmware. That includes the motherboard itself, your wireless card, your 3G modem, network card, graphics device, storage devices and much more. Including, of course, the battery pack. And - as Apple fans reading this article will be happy to note - the risk is not unique to Apple, though Charlie Miller's paper is.

So this extends well beyond the Apple ecosystem (and even computers as a whole) and is something that affects everything with updatable firmware. If the bad guys can gain access to that firmware, then there's a possibility that rogue code could be installed. It's as simple as that.

But what about using this hack to make batteries explode? Could that happen? Well, yes ... but ... batteries are pretty robustly built, and OEMs are keen to make sure that they don't explode (for the sake of liability) so the modern notebook battery is fitted with numerous safeguards to protect against the battery bursting into flames or exploding. While the safety features built into some batteries do fail (a little more often than I'd like to see, judging by the number of recalls I come across), on the whole notebook battery technology is pretty safe (I'm typing these words with a Dell sitting on my lap, behaving itself).

So, is there an issue here? Yes. Is it an Apple issue? No. Is it something that the tech industry needs to think about? Absolutely. Is this something that people should start panicking over? Absolutely not!

Side-note: Miller says he plans to release a tool called 'Caulkgun' that will prevent hackers from accessing the battery microcontroller by changing the password to a random string of digits. Personally I'd be wary of running this because it will prevent Apple updates relating to the battery controller from being installed.
