According to Forbes, Charlie Miller is the man who discovered this vulnerability and he plans to present his research at the upcoming Black Hat conference.
The batteries’ chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips’ firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode. “These batteries just aren’t designed with the idea that people will mess with them,” Miller says. “What I’m showing is that it’s possible to use them to do something really bad.”
Miller thinks it might even be possible to remotely blow up a battery on command, though he also says that for a hacker to gain access, they would have to discover a second vulnerability to gain initial access to a computer. Still though, scary. [Forbes]
Image via Flickr/yum9me
Jason
Saturday, July 23, 2011 at 2:03 PMGood to know that Apple’s security is still top notch, just like they have always claimed..
Des
Saturday, July 23, 2011 at 3:15 PMThey just work!
Gabriel
Saturday, July 23, 2011 at 6:49 PMWhy does a battery need a password in the first place?
Adam
Saturday, July 23, 2011 at 11:46 PMMacs, They never crash!
but blow up? that’s to be announced in a future software update!
Steve
Saturday, July 23, 2011 at 11:59 PMPuzzled as to why this loophole even exists.
Dan
Sunday, July 24, 2011 at 4:34 PM“though he also says that for a hacker to gain access, they would have to discover a second vulnerability to gain initial access to a computer. Still though, scary.”
So, basically, unless you have physical access to the computer, you can’t do anything. And in that case you’d probably just, y’know, throw the fucking thing out the window.
Here come the MacHaters though. Haters gonna hate.
Andres
Tuesday, July 26, 2011 at 1:40 PMNo, you don’t need physical access. Vulnerabilities exists, and are exploited all the time… but usually all they can do is steal your data, or at worst deleting it.
Also, most malware can be removed by formatting your computer.
This however, is different. Formatting your hard drive will not remove malware installed in your battery, and what’s worst, malware int your battery can cause physical damage to you or your computer.
Jamin
Monday, July 25, 2011 at 2:02 AMYou’re charging it wrong!
JAck
Monday, July 25, 2011 at 7:13 AMObvious trolls are obvious…..
Johnny P
Monday, July 25, 2011 at 8:00 AMThats impossible. Macs and iDevices are magical devices which are impervious to vicious human corruption.
Nathan
Monday, July 25, 2011 at 11:17 AMYeah I mean don’t Apple design these things so they are too beautiful for anyone to ever want to do harm to them.
Thanks Jobs, you inadvertently created the ultimate security feature, genious.
olearymo
Monday, July 25, 2011 at 9:28 AMIt’s a feature.
DK Son
Monday, July 25, 2011 at 10:28 AMSteve Jobs went on leave earlier in the year to convert to Islam and now he is a terrorist.
Srsly, now there is a MAC PC in like every second house. If Jobs was a terrorist, or if terrorists somehow figured out how to nuke these things remotely, it would be AAAAARMAGEDDON!