
Apple MacBooks PERMA-felled by battery hack attacks

qubit

#1
While reading this, remember that Apple doesn't let you change the battery, making the attack permanent...

Now that Apple has endowed the Mac operating system with state-of-the-art security protections, a researcher has devised new attacks that target the machine's battery.

Charlie Miller, well known for his numerous attacks on iPhones and Macs, may not have achieved his ultimate objective of making a Mac spontaneously combust, but he has figured out how to permanently disable the battery. And in time, he said, it also may be possible to remotely hijack a machine by manipulating the firmware on one of the stored power supply's chips.

"What I found was you can make any change you want to the software that runs on the battery," Miller, who is principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker's Handbook, told The Reg. "I also saw that you can mess up the chip so it won't function anymore. You can't recover from that. You couldn't even take it to the genius bar."

The flaw making all of this possible is the result of Apple's decision to ship MacBook batteries without changing the passwords needed to run updates or make low-level changes to their embedded controllers. By reverse-engineering past updates, he had no trouble deducing the pass codes.

With these, Miller was able to make changes to the battery firmware that bricked the battery. The hack doesn't sound all that interesting until you consider that any changes will survive a complete reinstallation of the MacBook’s operating system. Miller theorized that if there's a way to cause the firmware to exploit a vulnerability in Mac OS X, his battery hack could open the door to system compromises that persist even after disinfection or reinstallation.

Miller will be presenting his findings at next month's Black Hat security conference in Las Vegas. At his talk, he will also release a software tool that patches the vulnerability by changing the default passwords that ship with MacBooks. ®
You couldn't make this up, could you?

The Register
 
#2
Hardware-level security vulnerabilities? Apple SERIOUSLY fucked up here...