A security researcher has found a way to install persistent malware on, or disable, the battery system of Apple's MacBook line.
Former National Security Agency employee Dr Charlie Miller gained control of the microprocessor embedded in MacBook batteries, which could allow the installation of virtually undetectable malware, or simply destroy the entire unit.
"You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery," Miller told Forbes.
The attack is possible because Apple's batteries ship with default passwords, which Miller discovered by reverse-engineering a 2009 MacBook software update.
After discovering the passwords, Miller bricked seven batteries while exploring the capabilities of the embedded system.
Malware installed on the battery would still need to find a weakness to cross into the operating system, but Miller said this is unlikely to be a problem, since the system does not appear to have been designed with security in mind.
Miller also discovered how to use the controller to raise the temperature in the battery. In practice, safety fuses would most likely burn out before the device exploded, since most recorded instances have involved contaminants in the battery power supply such as metal fragments, but the possibilities for mischief are there.
"These batteries just aren't designed with the idea that people will mess with them," he said. "What I'm showing is that it's possible to use them to do something really bad."
Apple and Texas Instruments have seen the research, and Miller will show the full data at the Black Hat security conference in August.
He will also release a tool called Caulkgun, which generates random passwords for the MacBook's battery, although this could block later patches by Apple.
Miller, currently a researcher with security advisors Accuvant, has a long history of unusual hacks.