Anyway, they've already fixed this vulnerability in my MacBook Air. I'm not worried.
From the post, the author says the battery could repeatedly install malware or spyware to your computer.
What would be more worrying is if someone found a way to hack directly to your battery, i.e. a virus you get installs itself to your battery as its resurrection method rather than in a system file. Worse yet would be if someone maliciously wrote a virus that caused your battery to overcharge a month down the road.
Imagine all those stupid MSN viruses if they could fry your laptop battery.
That's of course beyond the point that a great many other things you buy at a computer store could more easily contain malware.
Theoretically, malware could get onto a machine by whatever means, then use the battery as a nasty hiding place, or target the battery itself.
EDIT: It should be noted that a second vulnerability will be needed to get code from the battery into the machine.
Now in fairness, being able to make something in my computer start a fire is on a way different level. But we're getting that from "Miller said that it might even be possible to overload the battery so that it catches fire"— he hasn't done it, and doesn't even know if it's possible. My money is on there are some lower-level safeguards to prevent bugs in the firmware from causing fires, even if they do ruin the battery. Li-ion batteries are designed physically with the knowledge that they're a ticking timebomb waiting to go off, and I can't believe that nobody at Apple has started from asking "But what if I were actually trying to make it explode."
>Using that password, Miller said that he has been able to do almost anything from giving false readings to the charger and the OS to ruin the device, to completely rewriting the firmware.
I don't know if it would be possible to make the battery burst into flame or explode. After the Sony battery fiasco, I'd expect there to be some kind of hardware interlock preventing short-circuits. However, it is possible to overwrite the battery firmware to prevent the battery from being charged, thus turning your MacBook Pro into a very small form-factor desktop.
Net result, changing battery firmware can reduce usefulness of battery (higher charging degrades cell life, blow fuses etc) but the packs should have hardware-based protection from being a safety hazard.
Observation: Turns out, the battery is secured with Y-cut-head screws, rather than the traditional Phillips screws of the hard drive.
So not only is the hard drive a more obvious target... it's considerably easier to get to in my opinion. (Unless people have Y-shaped screwdrivers lying around, who knows).
Regardless, I think it still speaks to the notion that the battery is harder to attack than the hard drive other than the more obvious reasons.
It would be interesting to see real data from a location with a random though not unbiased sample (air travelers probably skew richer and younger than the average population).
This is a complete non-story, and I will tell you why:
1) Regarding installing "malware" on a battery. I have never worked with a battery monitoring ASIC that contains a general purpose microcontroller. I have worked with Texas Instruments notebook battery monitors, and none of the ones I have worked on can run general purpose code. They have registers that the host can poll to get information about the battery, but there is no way to load code onto them. The researcher keeps talking about "reverse engineering the firmware" of the battery. Maybe things have changed recently, but I have never seen actual general-purpose firmware in a battery. Limits and calibration settings yes, but firmware no.
2) Regarding any potential safety issues: Every battery controller board has a secondary battery protection IC. This IC has no firmware at all, and is a purely hardware-based way to detect over-voltage, under-voltage, or over-temperature conditions. This cannot be overridden in any way (it does not sit on a communication bus). Usually when this secondary protection kicks in, it will permanently disable the battery. In addition, each individual cell has a "PTC" (positive-temperature-coefficient) resistor in series that will isolate the cell if too much current is drawn. (Some battery designs might use a fuse instead.) This is in addition to the main battery fuse, and the controllable FETs.
These batteries are designed with multiple levels of protection. Any one of them failing (including the main monitor ASIC) will not make a battery catch on fire.
3) As far as I remember, you can't really use the SMBus of a notebook without having root access. I could be wrong here though.
4) Finally, this is by no means limited to only Macs. Every PC notebook has extremely similar battery architecture, with the exact same "security risks".
The worst that this guy could do, given he has physical access to your computer, would be to disable your battery. If you just want to do that, a hammer will do a much better job.
It's not limited to Macs, but Apple's the only company I could find that released battery firmware updates. Other machines do seem to use the bq20z80, but it was easiest by far to play with battery firmware on Macs (i.e. I never got anything working on any other kind of machine).
A semi-plausible fraud threat is that you can buy old batteries off eBay that have disabled themselves in hardware due to undervoltage, re-enable them, recharge them, and resell them as "like new." They'll work for a few days and then bulge.
Or were you actually able to make the battery's IC execute arbitrary code?
In my mind, firmware only refers to executable code. Curious though if there is a way to actually run code on those guys.
I thought he said he obtained the passwords from some Apple update 2 years ago, which means the battery could be "updated" through some portal. Turns out this kind of hacking could be done at the software level.
This guy claims he's gonna publish something that could change your MacBook battery's password into random strings, which means your battery can no longer be updated, at least not by Apple. It doesn't seem to be quite the right solution to me... if someone hacked this tool, your MacBook's battery is his slave forever before anybody could crack that very password, which is probably not gonna be achieved more easily than reinstalling the OS + hard disk + battery + etc., or buying a new MacBook.
"Pandora's Battery": http://www.noobz.eu/joomla/news/pandoras-battery.html http://www.krizka.net/2008/02/10/what-is-pandoras-battery/
So it wasn't exactly a security vulnerability, more like a failed attempt at security by obscurity.
It wouldn't quite melt your keyboard or anything that cool, but this has happened with Apple products in the past.