A security researcher claims to have found a new security flaw in Apple laptops that could allow hackers to ruin laptop batteries, infect them with malware or potentially cause them to overheat and catch fire.
Charlie Miller, principal research consultant at Accuvant Labs, said he has found a way to manipulate chips embedded inside Apple laptop batteries.
The chips monitor the battery’s temperature and level of charge, among other things. Those chips can be remotely controlled by hackers using a default password that Miller found on a website of the chip’s creator, Texas Instruments. Apple never changed the default password, Miller said.
Miller’s discovery, first reported by Forbes.com, is the latest potential security flaw found in Apple’s product line. Earlier this month, security experts disclosed a bug in Apple’s iOS operating system that could allow criminal hackers to gain remote access to iPhones, iPads and iPod Touch devices, Reuters reported. Apple said it is fixing that issue in an upcoming software update.
At the very least, Miller found he could ruin laptop batteries by altering the chip’s code. Not wanting to set his home on fire, Miller stopped there. But he imagines darker possibilities for hackers if Apple does not fix the security flaw.
“I have full access to the battery and I can make any changes I want,” Miller told The Huffington Post.
For example, hackers could install malware on the battery that would not be detected by anti-virus software because it would not appear on the hard drive, he said. The malware could attack the laptop’s operating system again and again, even after the user installed a new hard drive.
“The battery would keep attacking it,” he said.
Miller, a former security researcher for the National Security Agency, said it’s possible that Apple has taken extra security measures to prevent that from happening or, worse, to prevent a battery from overheating and catching fire. He said he reported his findings to Apple but did not hear back.
An Apple spokeswoman did not return a call for comment.
Since his discovery, Miller said he has received some criticism.
“People thought maybe I had blown up batteries, but I haven’t blown up anything,” he said. “It’s a step in that direction, but I don’t really know what all the implications are.”
Miller said he wrote a paper on the security flaw that he plans to present at the Black Hat security conference in August in Las Vegas, where he also plans to unveil a solution called a “Caulkgun” that changes the battery’s default password.
While the security flaw presents a potential danger, Miller said most users should not be overly concerned about a hacker taking over their laptop battery.
“It’s really only for people who are very paranoid,” he said.