When we think about data security and possible vulnerabilities in our computing systems, the laptop battery generally doesn’t come to mind as a hacker target. Well, security researcher Charlie Miller discovered that modern laptop batteries are just as hackable as anything else and may be far more difficult to detect, after he examined the batteries in several MacBooks, MacBook Pros, and MacBook Airs.
According to Miller, modern laptop batteries contain their own firmware and microcontrollers to monitor power levels, allowing operating systems to check and respond accordingly. Even when your notebook is powered off, the lithium ion battery inside knows when to stop charging. Also, the battery can detect and regulate its heat level to maintain a safe temperature.
From examining Apple’s laptops, Miller noticed that all the embedded chips in the batteries used the same default passwords. This means that a hacker who knows of the password can find a way to control the chip’s firmware and in turn manipulate the battery to wreak havoc on your system.
There are many possible methods of attack, including not letting your battery recharge, not letting it regulate heat leading to physical dangers, and implanting hidden malware that infects your computer. This last one can reinfect your computer over and over again even after cleaning out the system and reinstalling all software if the battery is not changed as well.
Miller has sent his research to Apple and Texas Instruments and expects to expose the vulnerability at the Black Hat security conference in August. He has also proposed a fix, which he calls “Caulkgun,” that replaces the battery firmware’s default password with a random string. However, this password change could be an issue when it comes to OS updates.