Apple is da bomb! Vulnerability found in battery circuitry

Subject: Editorial, General Tech | July 25, 2011 - 10:24 PM |
Tagged: Malware, apple

Okay, so the title is more joke than anything else, but security researcher Charlie “Safari Charlie” Miller discovered a vulnerability in Apple devices, sort of. This exploit, which appears to be not so much a security flaw as an over-permissive design, allows an attacker to gain access to your battery control using one of two static company-wide passwords. Charlie has discovered many exploits in the past several years on the OS X and iOS platforms. One of the most high-profile attacks he discovered involved a data-execution vulnerability in the iPhone’s SMS handling: under certain conditions your iPhone could potentially mistake inbound text messages for code and run them with high permissions.

Malware assaults and battery charges.

(Image from Apple, modified)

So what does having the ability to write to a laptop’s battery firmware mean? Firstly, remember the old advice of “Get a virus? Reinstall your OS!”? Well, assuming you actually can perform a clean install without ridiculous hacking (thanks, Lion), the battery controller can simply re-infect you if the attacker knows an exploit for your version of OS X. But how does the attacker know your current version of OS X? Well, if you are installing from an optical disc they just need to know a Snow Leopard RTM exploit; unless, of course, you extract Lion from the Mac App Store and clean install using it, assuming the attacker does not know an exploit for Lion and does not simply infect the reinstall media if you created it from the infected computer. True, malware is about money, so it is highly unlikely that an attacker would go for that narrow a market of Mac users (already a narrow-enough market to begin with), but the security risk is there if for some reason you are a tempting enough target to spear-phish. Your only truly secure option is removing the battery while performing the OHHHHHHHH.

You know, while working (very temporarily) on the Queen's University Solar Vehicle project I was told that Lithium cells smell like sweet apples when they rupture. I have never experienced it but if true I find it delightfully ironic.

While that would all require knowledge of other exploits in your operating system, there is a more direct problem. If for some reason someone would like to cause damage to your Apple devices, they could use this flaw to simply break your batteries. Charlie has bricked nine batteries in his testing but has not even attempted to see whether it would be possible to over-charge a battery into exploding. While it is possible to force the battery controller to create the proper conditions for an explosion, there are other, physical, safeguards in place. Then again, batteries have exploded in the past, often making highly entertaining YouTube videos and highly unentertaining FOX news clips.

Source: Forbes
July 26, 2011 | 12:41 AM - Posted by JSL

This should shut Apple fanboys up for a bit. lol

July 26, 2011 | 02:43 AM - Posted by Scott Michaud

It's not an Apple thing, per se: security is hard. Very very hard. The worst thing to do, security-wise, is be complacent. If you think you have a quick and easy method to total security with no caveats you are wrong.

July 26, 2011 | 11:41 AM - Posted by JSL

In this case, it is an Apple thing as batteries are non-removable, and this exploit has the potential of being physically dangerous.

July 26, 2011 | 01:36 PM - Posted by Scott Michaud

Nah, any storage of energy if it is forced to release it too quickly is problematic. Does Apple's non-replaceable battery make it any more inherently dangerous? Well there's physically more battery in there so if it does explode it will make a bigger effect but no more likely than any other battery that it will explode.

What Apple's non-replaceable battery does is prevent you from removing the infected device, meaning that an attack could keep jumping from the OS to the battery to the OS to the battery as you reinstall the OS or the firmware, provided you cannot overwrite both before it replicates. That said, unless you're (for instance) the Dalai Lama who needs to worry about the Government of China throwing probably millions of dollars into hacking him specifically, it is highly unlikely that someone would put that much money in malware.

July 26, 2011 | 04:19 AM - Posted by ThorAxe

Unlikely. They will deny its existence and then Apple will use their RDF so that Apple users will believe that this is a feature of Lion.

July 26, 2011 | 10:47 AM - Posted by Grif_E (not verified)

This reminds me of those car tire wireless sensors that have been exploited.

July 26, 2011 | 11:38 AM - Posted by JSL

You mean the air pressure sensors which most of the time didn't work?
