Researcher hacks the batteries of Apple’s MacBook to allow persistent malware

A security researcher has found a way to install persistent malware or disable the battery system of Apple's MacBook line.

Former National Security Agency employee Dr Charlie Miller gained control of the microprocessor embedded in MacBook batteries, which could allow the installation of virtually undetectable malware, or simply destroy the entire unit.

"You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery," Miller told Forbes.

The attack is possible because Apple's batteries ship with default passwords, which Miller discovered by reverse-engineering a 2009 MacBook software update.

After discovering the passwords Miller then bricked seven batteries while discovering the capabilities of the embedded system.

Malware installed on the battery would still need to find a weakness to cross into the operating system, but Miller said this is unlikely to be a problem, since the system does not appear to have been designed with security in mind.

Miller also discovered how to use the controller to raise the temperature in the battery. In practice, safety fuses would most likely burn out before the device exploded, since most recorded instances have involved contaminants in the battery power supply such as metal fragments, but the possibilities for mischief are there.

"These batteries just aren't designed with the idea that people will mess with them," he said. "What I'm showing is that it's possible to use them to do something really bad."

Apple and Texas Instruments have seen the research, and Miller will show the full data at the Black Hat security conference in August.

He will also release a tool called Caulkgun which generates random passwords for the MacBook's battery, although this could block later patches by Apple.

Miller, currently a researcher with security advisors Accuvant, has a long history of unusual hacks.

In 2008 he was part of a team that hacked Android for the first time, and has won prizes at CanSecWest for cracking the MacBook Air in under two minutes and repeatedly hacking Safari.