Hacking Laptop Batteries: New Threat
Hello Readers,
Last month when I was just looking around for something different, and came up with this article.
The latest threat to your laptop is not in your Memory chips or storage device but surprisingly its in power-house i.e. Battery.
Earlier by just reading the Title Hacking Laptop Battery, I thought it might be something like you add some virus into memory and somehow getting into BIOS it manages to increases your power-consumptions and then it suddenly heats up and BOOOM....
hahahahahahaha.... Sorry can't help it with my destructive mind....
But the I realised what about the capacitors and others things. So I thought of giving it a little reading, nothing got into my mind. Finally I decided to give my precious 5 minutes to read this whole thing, and later I realised that it was worth of giving it.
I think you should also give few minutes to read this, if you are reading this line.
This security threat was revealed by researcher in Black Hat Security Conference held in early August, possibly on 3/4 august 2011 in USA. He demonstrated there How he was able to gain complete control of the microprocessor embedded in batteries used in Apple Macintosh laptops and then remove or bypass the built-in safeguards.
"I can clearly brick the battery," said Dr. Charlie Miller, principal research consultant at security firm Accuvant Labs. "That's a cinch. I'm a pro at that."
Dr. Charlie Miller is also known as "MAC HACKER"
Miller suggested it would be possible to overheat a battery and start a fire by convincing a controller that the battery was discharged, even though it was completely full, but said he has not tried it and an analog fuse may prevent disaster. "The charger will think the remaining capacity is whatever I want," he said. "So it might overcharge."
Accuvant posted working code today featuring an interface that Miller wrote that makes it easier to send commands to the battery controller.
Bricking a battery, of course, doesn't mean that a laptop ceases to work. And older MacBook Pro laptops have batteries that can be replaced in seconds. But newer MacBook Pro laptops, and the MacBook Air, have batteries that are not designed to be replaced by their owners.
Even worse, if malware successfully slips past the defenses built into OS X and takes up residence on a laptop, it could continue to keep bricking replacement batteries.
Miller said the attack could take place in the other direction as well: Malware inserted into the battery's firmware could try to seize control of the computer even if the operating system were reinstalled. "If the OS kernel has a bug, you could attack the OS from the battery," he said.
Apple uses three chips made by Texas Instruments to control its laptops' batteries. Two provide protection against overcharging, short circuiting, and so on, while the TI BQ20Z80 chip keeps track of the battery's status, maintains the charge, and communicates with the laptop.
Miller's presentation described how he began trying to figure out how the laptops communicate with their batteries and discovered that Apple did not change the default battery password. Here's an excerpt:
This is a mixture of both Cyber and Physical Threat. This is the most exciting development since the Stuxnet cyber-phys threat vector. The major threat I see is that anyone can do this from anywhere and to anyone. You might not know when your laptop BOOOM. While this is an interesting vulnerability, the threat of this vulnerability has been completely exaggerated. There is not a single instance of this vulnerability being exploited in the wild. And seriously, what is the real threat here? Hackers are going to burn out your battery? This is not a threat to global financial stability.
We need to put these vulnerabilities in context with the real world. This is not a serious vulnerability. it is not some "game changing" attack. It's a minor problem that is relatively easily fixed with updates to the controller or system software. This attack has presented absolutely no threat whatsoever to the public. IT departments worldwide should give this new hack absolutely no attention whatsoever. While research like this is valuable (to Apple).
Finally the result coming out with all the hustle is that you don't need to panic untill you own a MacBook and if you own it then also you don't have to panic because one needs to have physical access also. Though there is one way via OS through which physical access is not required but its really tough and no one will target you untill you are worthy. There is not a single case reported like this.
Credit: Declan McCullagh, Accuvant
Source Image: Internet
Last month when I was just looking around for something different, and came up with this article.
The latest threat to your laptop is not in your Memory chips or storage device but surprisingly its in power-house i.e. Battery.
Earlier by just reading the Title Hacking Laptop Battery, I thought it might be something like you add some virus into memory and somehow getting into BIOS it manages to increases your power-consumptions and then it suddenly heats up and BOOOM....
hahahahahahaha.... Sorry can't help it with my destructive mind....
But the I realised what about the capacitors and others things. So I thought of giving it a little reading, nothing got into my mind. Finally I decided to give my precious 5 minutes to read this whole thing, and later I realised that it was worth of giving it.
I think you should also give few minutes to read this, if you are reading this line.
This security threat was revealed by researcher in Black Hat Security Conference held in early August, possibly on 3/4 august 2011 in USA. He demonstrated there How he was able to gain complete control of the microprocessor embedded in batteries used in Apple Macintosh laptops and then remove or bypass the built-in safeguards.
"I can clearly brick the battery," said Dr. Charlie Miller, principal research consultant at security firm Accuvant Labs. "That's a cinch. I'm a pro at that."
Dr. Charlie Miller is also known as "MAC HACKER"
Miller suggested it would be possible to overheat a battery and start a fire by convincing a controller that the battery was discharged, even though it was completely full, but said he has not tried it and an analog fuse may prevent disaster. "The charger will think the remaining capacity is whatever I want," he said. "So it might overcharge."
Accuvant posted working code today featuring an interface that Miller wrote that makes it easier to send commands to the battery controller.
Bricking a battery, of course, doesn't mean that a laptop ceases to work. And older MacBook Pro laptops have batteries that can be replaced in seconds. But newer MacBook Pro laptops, and the MacBook Air, have batteries that are not designed to be replaced by their owners.
Even worse, if malware successfully slips past the defenses built into OS X and takes up residence on a laptop, it could continue to keep bricking replacement batteries.
Miller said the attack could take place in the other direction as well: Malware inserted into the battery's firmware could try to seize control of the computer even if the operating system were reinstalled. "If the OS kernel has a bug, you could attack the OS from the battery," he said.
Apple uses three chips made by Texas Instruments to control its laptops' batteries. Two provide protection against overcharging, short circuiting, and so on, while the TI BQ20Z80 chip keeps track of the battery's status, maintains the charge, and communicates with the laptop.
Miller's presentation described how he began trying to figure out how the laptops communicate with their batteries and discovered that Apple did not change the default battery password. Here's an excerpt:
For the batteries that ship with all the Apple laptops I tested, the password to unseal the battery and the password to enter full access mode are the hard-coded values provided in Texas Instruments documentation. In this work, I provide API functions which can be used to communicate with the battery. This allows the ability to make arbitrary configuration changes as well as dumping of the data flash and instruction flash. I provide IDA Pro scripts to disassemble the machine code from the firmware. We provide a way to disable the firmware checksum as well as to make arbitrary changes to the smart battery firmware. Due to the nature of the Smart Battery System, changes made to the smart battery firmware may cause safety hazards such as overcharging, overheating, or even fire.
This is a mixture of both Cyber and Physical Threat. This is the most exciting development since the Stuxnet cyber-phys threat vector. The major threat I see is that anyone can do this from anywhere and to anyone. You might not know when your laptop BOOOM. While this is an interesting vulnerability, the threat of this vulnerability has been completely exaggerated. There is not a single instance of this vulnerability being exploited in the wild. And seriously, what is the real threat here? Hackers are going to burn out your battery? This is not a threat to global financial stability.
We need to put these vulnerabilities in context with the real world. This is not a serious vulnerability. it is not some "game changing" attack. It's a minor problem that is relatively easily fixed with updates to the controller or system software. This attack has presented absolutely no threat whatsoever to the public. IT departments worldwide should give this new hack absolutely no attention whatsoever. While research like this is valuable (to Apple).
Finally the result coming out with all the hustle is that you don't need to panic untill you own a MacBook and if you own it then also you don't have to panic because one needs to have physical access also. Though there is one way via OS through which physical access is not required but its really tough and no one will target you untill you are worthy. There is not a single case reported like this.
Credit: Declan McCullagh, Accuvant
Source Image: Internet
Comments
