
Apple MacBooks PERMA-felled by battery hack attacks

qubit

While reading this, remember that Apple doesn't let you change the battery, making the attack permanent...

Now that Apple has endowed the Mac operating system with state-of-the-art security protections, a researcher has devised new attacks that target the machine's battery.

Charlie Miller, well known for his numerous attacks on iPhones and Macs, may not have achieved his ultimate objective of making a Mac spontaneously combust, but he has figured out how to permanently disable the battery. And in time, he said, it also may be possible to remotely hijack a machine by manipulating the firmware on one of the stored power supply's chips.

"What I found was you can make any change you want to the software that runs on the battery," Miller, who is principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker's Handbook, told The Reg. "I also saw that you can mess up the chip so it won't function anymore. You can't recover from that. You couldn't even take it to the genius bar."

The flaw making all of this possible is the result of Apple's decision to ship MacBook batteries without changing the passwords needed to run updates or make low-level changes to their embedded controllers. By reverse-engineering past updates, he had no trouble deducing the pass codes.

With these, Miller was able to make changes to the battery firmware that bricked the battery. The hack doesn't sound all that interesting until you consider that any changes will survive a complete reinstallation of the MacBook’s operating system. Miller theorized that if there's a way to cause the firmware to exploit a vulnerability in Mac OS X, his battery hack could open the door to system compromises that persist even after disinfection or reinstallation.

Miller will be presenting his findings at next month's Black Hat security conference in Las Vegas. At his talk, he will also release a software tool that patches the vulnerability by changing the default passwords that ship with MacBooks. ®

You couldn't make this up, could you? :shadedshu

The Register
 
Hardware-level security vulnerabilities? Apple SERIOUSLY fucked up here...
 
twilyth

Guest
Security through obscurity? They really should know better.
 