The chip that helps control your Mac notebook's battery could be the latest target for attackers.
A report in Forbes today details the findings of Accuvant security researcher Charlie Miller, who claims to have found rather lackluster security guarding the firmware that controls various notebook battery functions and data stores.
Culling through a battery firmware update Apple released back in 2009, Miller pulled out two passwords that would grant access to that firmware, giving would-be attackers the ability to alter readings sent back to the OS and even add small software programs that stay off the hard drive. Miller noted that he outright permanently disabled seven notebook batteries during testing.
A key part of the exploit, Miller told Forbes, was that the batteries use the same passwords, making it an easy hack once you have the right credentials. Potentially complicating that is the fact that Apple builds its batteries into its notebook computers versus making them removable. That change began in 2009 with the 17-inch MacBook Pro, and trickled down to the other models, resulting in considerable battery life gains at the expense of easy replacement. This means if a battery were to somehow be compromised, it's a trickier fix. At the same time, it means potential attackers need to gain control of that system before they can do anything, short of taking apart the machine.
So far the hack is a proof of concept, and has not yet been documented in the wild. Miller told Forbes he plans to detail the exploit as well as show off a fix at next month's Black Hat security conference in Las Vegas.
An Apple representative declined to comment on Miller's findings.
Apple - USE TAG
reading•Researcher: Mac notebook batteries can be hacked
Nov 12•Black Friday 2018 smartwatch and fitness tracker deals: $50 off Fitbit Versa, $80 off Apple Watch
Nov 12•Alexa's Echo Buttons can trigger your smart home routines now
Nov 12•Best Black Friday deals 2018
Nov 12•iPhone XR shipments diluted by Apple iPhone XS, 8 and 7, analyst predicts