Hacker: Your MacBook’s Battery Is Vulnerable To Viruses, Malware and Meltdown

Hacker: Your MacBook’s Battery Is Vulnerable To Viruses, Malware and Meltdown

Still worried about MacDefender? That’s nothing: a new security vulnerability in MacBook batteries means that it’s possible that future hackers won’t just try to steal your credit card numbers, but might actually cause your computer to meltdown instead.

The vulnerability was discovered by Accuvant security researcher Charlie Miller, who says that Apple’s MacBook batteries use default passwords on their MacBooks.

Why’s that a problem? Well, because the batteries use default passwords, the battery controller can be compromised by any malicious hacker who knows the password, giving him access to the low level hardware. This security hole can then be exploited in various ways, from just causing the battery to stop functioning to auto-installing malware. It can even cause full on overheating.

Miller got the passwords by backwards engineering one of Apple’s 2009 battery update.

The good news is that right now, this isn’t a major security threat. To get remote access to the battery of your MacBook, a malware developer would first have to figure out a way to bypass OS X’s security measures, which isn’t an easy task.

If that doesn’t set your mind at ease, though, don’t worry: while Apple susses the issue out, Miller intends on releasing his own fix for the problem called Caulkgun, which will randomize your battery’s password.

  • Nutz320

    Holy SHIT! Battery passwords?

  • reactor1

    Holy Crap! A hacker just got control of my Macbook, drove it to the liquor store and made it buy corn nuts… How did he know I HATE corn nuts?

    Move along sir…

  • unusedcrayon

    So that image about hackers being able to make your computer explode was true. Well shit.

  • CharliK

    I’m sorry but this sounds like a pile of BS. Or at least some serious FUD. As the last bit says, before you have to worry about your battery having a password, someone has to get back the rest of the OS security. Unless you are on an unsecured wifi with all sharing on and no password on your account, what are the changes. 

  • haolema2
  • Hampus

    It hasn’t been proven in real life and in competitions like pwn2own that both there are many ways to get access to a computer trough safari, adobe reader and so on…

  • Hampus

    It hasn’t been proven in real life and in competitions like pwn2own that both there are many ways to get access to a computer trough safari, adobe reader and so on…

  • Hampus

    Thing about this is that if battery controls have passwords with which you can do all kinds of nasty things this probably applies to all normal Windows PCs too.
    Just a matter of figuring out the password.

  • CharliK

    You show me one person that has even come close to using something like Safari to get down to a firmware level on a computer, cause I haven’t seen it. All the folks at places like pwn2own seem to be tossing out MacDefender style stunts. And in a few cases, the hole that they got in through was fixed before or within hours of the compet. 

  • huaqianba
  • huaqianba
  • ichiroa

    I kind of have a feeling this is not really a big deal. I don’t know for a fact but when Apple releases “Battery update” I would think Apple is using the password this guy discovered so Apple can flash the battery’s chip. Randomizing the password might break this function?

  • MatsSvensson

    Also , the screws that holds the boxes together all have “0000″ as password.
    Just imagine what could happen if hackers gain access to those!
    =O

  • iHate_Is_Back

    A stupid battery has a password?????

    i say BS

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , , |