MacBook users are being warned their Apple laptop batteries are vulnerable to being hacked.
After studying the batteries in several MacBooks, MacBook Pros, and MacBook Airs, security researcher Charlie Miller found that Apple laptop microcontroller chips are shipped with default passwords that, once discovered, can be used as a hiding spot for malware as well as a conduit for disabling the battery and even blowing it up.
[ Also on InfoWorld: Apple Mac sales back above 10 percent -- after 20 years. | Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: Wrap Up newsletter. ]
"These batteries just aren't designed with the idea that people will mess with them," Miller told Forbes. "What I'm showing is that it's possible to use them to do something really bad."
Using passwords associated with a 2009 Apple software update, Miller was able to permanently disable several batteries, manipulate readings sent to the operating system and charger, and completely rewrite the chip's firmware.
He said a culprit could install malware on the chip to infect the rest of the computer and steal data, control its functions, or cause it to crash. And even though the batteries he studied have safeguards against explosions, he thinks it would be possible to remotely cause them to explode on command.
What complicates the issue is that Apple notebook batteries are built-in instead of removable.
"That change began in 2009 with the 17-inch MacBook Pro, and trickled down to the other models, resulting in considerable battery life gains at the expense of easy replacement. This means if a battery were to somehow be compromised, it's a trickier fix. At the same time, it means potential attackers need to gain control of that system before they can do anything, short of taking apart the machine," writes Josh Lowensohn for Cnet.
Here are some tips to avoid problems.
- Only accept installs or updates that you've researched or scanned with security software.
- Never trust spam email.
- Be very wary of pop-up windows that suggest an update.
- Stay away from illegal file-sharing services.
According to the Huffington Post, Miller said most users should not be overly concerned about a hacker taking over their laptop battery. And Apple Insider reports that Miller believes Mac OS X security is better than ever before in spite of his findings.
Miller, who works for security firm Accuvant, plans to discuss his findings at the Black Hat security conference in Las Vegas next month.