BankThink

MacBook Batteries Could Be Used to Hide Malware

The batteries in Apple's laptops run software that can be hijacked to house malicious programs or even cause physical damage to the machine, according to new research.

The software's intended purpose is to communicate power levels to the computer and to prevent the battery from drawing more power when it is at a full charge. A researcher uncovered the passwords used to access this software, and with those passwords, a hacker could plant malware that would be hidden from most computer experts, Andy Greenberg wrote on Forbes' The Firewall blog Friday.

A criminal might install "persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash," Greenberg wrote. "Few IT administrators would think to check a battery's firmware for the source of that infection, and if undiscovered the chip could re-infect the computer again and again."

Researcher Charlie Miller uncovered the security flaw, and plans to detail it – and provide a fix for it – at a security conference next month. Miller told Greenberg that he found the battery's passwords by analyzing a 2009 software patch Apple distributed to address a problem with its laptop batteries.

If the battery passwords are used to infect a machine with malware, such as the kind used to steal banking credentials, even installing a new hard drive or reinstalling the operating system would not permanently remove the infection. "There would be no way to eradicate or detect it other than removing the battery," Miller told Greenberg.

Miller speculates that the battery's passwords can also be used to cause it to explode, but he did not test that. Greenberg noted that computer batteries are built with other protections, such as fuses, to prevent explosion if the software fails.

Miller's fix to the problem is a program that changes the password to a string of random characters. This approach would block hackers from accessing the battery, but it would also prevent users from applying any further updates from Apple to fix other issues with the battery.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER