It's possible to brick a MacBook and its battery with a four-byte password
Computer viruses are scary and they have been for a long time, and I know that sounds stupid, but it’s true. As soon as we set up a computer for someone (or ourselves), the first thing we do is install anti-virus software out of sheer paranoia and fear of “viruses”. Sure, it’s scary to have malicious code prevent our machine from functioning properly, or use our computer like a zombie, but what if it stopped the machine from working entirely, out of the blue?
Renowned black-hat hacker and security researcher Charlie Miller has made a discovery that takes the fear of viruses to a fever pitch. What he has discovered is that a simple hack can render any Apple laptop useless and brick the battery by simply guessing two passwords. It’s pretty crazy how the Apple batteries work, too: they have their own processor and firmware to manage levels and everything else that’s required. Even though this is really awesome, it is also a huge security risk, because if you can get into the chip and guess two passwords, you can brick the battery (Apple calls it “Sealed Mode”).
How Charlie bricked a MacBook battery
“The battery has its own processor and firmware and I wanted to get into the chip and change things and see what problems would arise.” What he discovered is that the batteries are shipped from the manufacturing facility in “sealed mode”, which means the battery is locked and unable to send current. The trick is that there’s just a four-byte password required to unlock the battery and make it usable.
This got Charlie thinking, and he started analyzing a few updates that Apple had sent out in the past to fix problems in the batteries. Miller found that password and was able to put the battery into “unsealed mode.” This gave him control over the battery, and allowed him to use it to brick the MacBook.
“[This] lets you access it at the same level as the factory can. You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You’d need a vulnerability in the OS or something that the battery could then attack, though.”
The original plan was to blow it up
“I started out thinking I wanted to see if a bad guy could make your laptop blow up. But that didn’t happen. There are all kinds of things engineers build into these batteries to make them safe, and this is just one of them. I don’t know if you could really melt the thing down.”
Putting his ego aside to protect fellow geeks
Charlie could have easily been a hero to every malicious software developer, made boatloads of cash and given unknown power to evil hackers who would go on to develop maybe the most dangerous Mac virus in history. Instead, Charlie decided to develop a tool that will change the default passwords and keep the battery in sealed mode permanently.