The chip that helps control your Mac notebook's battery could be the latest target for attackers.
A report in Forbes today details the findings of Accuvant security researcher Charlie Miller, who claims to have found rather lackluster security guarding the firmware that controls various notebook battery functions and data stores.
Culling through a battery firmware update Apple released back in 2009, Miller pulled out two passwords that would grant access to that firmware, giving would-be attackers the ability to alter readings sent back to the OS and even add small software programs that stay off the hard drive. Miller noted that he outright permanently disabled seven notebook batteries during testing.
A key part of the exploit, Miller told Forbes, was that the batteries use the same passwords, making it an easy hack once you have the right credentials. Potentially complicating that is the fact that Apple builds its batteries into its notebook computers versus making them removable. That change began in 2009 with the 17-inch MacBook Pro, and trickled down to the other models, resulting in considerable battery life gains at the expense of easy replacement. This means if a battery were to somehow be compromised, it's a trickier fix. At the same time, it means potential attackers need to gain control of that system before they can do anything, short of taking apart the machine.
So far the hack is a proof of concept, and has not yet been documented in the wild. Miller told Forbes he plans to detail the exploit as well as show off a fix at next month's Black Hat security conference in Las Vegas.
An Apple representative declined to comment on Miller's findings.