A laptop battery is probably the least suspected target for a hacker. But security researcher Charlie Miller discovered that modern laptop batteries are just as vulnerable to hack jobs as anything else, and may even be far more difficult to detect after examining the batteries in several MacBook, MacBook Pros, and MacBook Air models.
Miller claims modern batteries contain its own firmware and microcontrollers to monitor power levels, allowing operating systems to check and respond accordingly. Even when your notebook is powered off, the lithium ion battery inside knows when to stop charging. Also, the battery can detect and regulate its heat level to maintain a safe temperature and shut down when it’s outside the safe zone.
From examining Apple’s laptops, Miller realized that all the embedded chips in the batteries used the same default passwords. So any hacker who knows of the password can find a way to control the chip’s firmware and in turn manipulate the battery to cause several plagues to occur on the laptop; including locking the ability to recharge, disallowing it to regulate heat (leading to physical dangers), and implanting hidden malware that infects your computer. That malware can also re-infect your computer over and over again even after cleaning out the system and reinstalling all software, if the battery isn’t changed as well.
“No one has ever thought of this as a security boundary,” says Miller. “It’s hard to know for sure everything someone could do with this.” At the Black Hat security conference in August, Miller plans to expose and provide a fix the chips that control their batteries.