Does the idea of a hacker being able to gain access to your Macbook's battery and cause it to spontaneously combust at the flick of a button sound frightening? Well, the bad news is that such a hack actually does exist, and it is none other than security researcher Charlie Miller who discovered the existence of such a vulnerability which could potentially allow hackers to exploit and completely destroy a Macbook's battery on a hardware level by exploiting the aforementioned vulnerability.
Dealing with exploding batteries on notebooks can be a rather frightening affair, no? Well, if the thought of having a notebook battery pack suddenly go up in clouds of flames right before your face sounds like the thing which will give you nightmares for countless nights on end, this latest piece of news is definitely not going to be for the weak-hearted. Apparently, a security researcher by the name of Charlie Miller has discovered a hardware vulnerability in Apple's notebook batteries which could potentially allow hackers to remotely gain access to the batteries and rig it to catch fire without any warning.
Sounds ridiculous? Well, not exactly, especially if Miller's explanation of how the hack works is of any indication. Apparently, the problem lies in the fact that modern laptops utilize what are known as "smart batteries", which make use of controller chips to monitor its status and issue commands on when it should stop charging and turn itself off, among many other tasks. And unfortunately for Macbook owners, Apple "ships these chips with their passwords set to the default", an oversight which Miller claims can be exploited to allow an attacker to gain access to the Macbook on a hardware level. Once inside, the attackers can potentially do enough damage to "ruin the computer at will", such as sabotaging the cells in such a way that they explode, or by leaving malware on the chip "to infect the computer over and over again".
However, it seems that there is some light at the end of the tunnel. While a report by Maximum PC has revealed that Miller still plans to demonstrate the hack at the upcoming Black Hat Security conference to highlight the issue, it also claims that Miller has got every intention to patch this issue by releasing a software tool known as Caulkgun to "change the firmware password on the chips to a random string of numbers".
Many thanks to bianco for this one.
Source: Maximum PC