Black Apple Laptops
Friday, September 23rd, 2011

How a Security Researcher Discovered the Apple Battery ‘Hack’
A security “noob” mistake has left the batteries in Apple’s laptops open to hacking, which could result in a bricked battery or, in a worst case scenario, fire or explosion. This was revealed Friday after Accuvant Labs security researcher Charlie Miller disclosed that he plans to detail the hack at the annual Black Hat security conference in early August.
We were curious as to how Miller, known for repeated hacks of Apple’s Safari Web browser at the annual Pwn2Own hacking competition, stumbled upon this hack in the first place—after all, it is somewhat obscure and doesn’t fall into what most people consider to be his typical focus area (browsers). Miller took time to answer our questions about what the hack is and how he found it, as well as what he plans to do when Black Hat rolls around.
The vulnerability
Laptop batteries include microcontrollers which constantly monitor charging voltage, current, and thermal characteristics, among other properties. These microcontrollers are part of a system called the Smart Battery System, designed to improve the safety of Li-Ion and Li-Poly cells used in these batteries.
According to Miller, these controllers can be hacked in a fairly straightforward manner. By reprogramming the microcontroller’s firmware, a battery could report a much lower internal voltage or current, causing the charger to overcharge the battery. In Miller’s testing, he only managed to turn a series of seven $130 MacBook Pro batteries into expensive bricks, but he told Ars that it may be possible to cause fire or even an explosion.
“Lithium-ion batteries are potentially dangerous, and it’s possible that futzing with the parameters could cause the battery to fail at best, or explode at worst,” Miller said. “I know there are internal fuses and other safeguards to prevent that from happening, and I never did it myself, but there’s certainly potential to get some malware to rewrite the smart battery firmware and cause some catastrophic failure.”
[Figure: Typical single smart battery system.]
As Miller noted, Smart Battery Systems include fuses which can disable cells if they reach dangerous internal voltages. But even these safeguards occasionally fail, resulting in toasted laptops.
Miller also told Ars that the battery firmware hack could be used to create a sort of “permanent” malware infection. Such malware, or at least a portion of it, could be installed in the microcontroller’s flash memory. Even if an infected computer’s drive were replaced and the operating system re-installed, it’s possible that an exploit could allow the malware to be reloaded from a laptop’s Smart Battery System firmware.
The discovery
While un-installable viruses that cause laptop batteries to explode are highly unlikely, the vulnerability exists in the first place because of a blunder on Apple’s part. While researching potential vulnerabilities in the MacBook Pro’s power management system, Miller inadvertently discovered that Apple used the default passwords described in publicly available documentation on the Smart Battery System, and those passwords allow rewriting the firmware itself.
Miller began by trying to determine if it was possible to manipulate or control the battery charging system. He downloaded a battery firmware update that Apple released a couple years ago, and dug through its code to see how the system communicates with the Smart Battery System. Inside the firmware updater, he found a password and a command to “unseal” the microcontroller, which allowed the firmware updater to change some of the battery’s parameters.
This particular updater, according to Miller, merely told the battery to always keep a slightly higher minimum charge in order to keep the battery from becoming unable to hold a charge after being unused for an extended period of time. But searching for the unseal command led Miller to the Smart Battery Charger Specifications. Digging through the documentation, Miller learned that the password Apple used to unseal the microcontroller was the default used in the specifications.
On a whim, Miller tried the default password to switch the microcontroller into “full access mode,” sort of like an administrator account on your Mac. “Unlike the unsealed mode, in full access mode, I could change anything: recalibrate the battery, access the controller at a really low level, including getting the firmware or changing it,” Miller said.
Miller downloaded the firmware and reverse engineered the microcontroller’s machine code, bricking several batteries in the process. Eventually he was able to change the firmware to “always lie, like to say it wasn’t fully charged even when it was.”
The fact that Apple never bothered to change the default password is disconcerting, especially considering the effort Apple has made to beef up security in Mac OS X Lion. Lion’s implementation of address space layout randomization (ASLR) is now “complete,” according to Miller, making it impossible to know where the OS has loaded system functions into memory. Furthermore, Safari—Miller’s preferred exploit vector—is now divided into two sandboxed processes, one for the GUI and one for rendering Web content.
“That second process is sandboxed; it can’t access your files and other stuff,” Miller explained. “Even if you have browser exploits, the only way to do anything [useful] is to get out of the sandbox.” Miller said that would mean finding a bug in the kernel itself. “That’s not impossible… but it’s definitely much harder with a sandbox than without.
“It’s certainly going to be a lot harder to own a Mac at Pwn2Own next year,” Miller admitted.
Miller speculated that Apple assumed that the battery would never be a target for hackers, and so kept the default passwords described in the documentation as a convenience. Unfortunately, that convenience has resulted in a potential headache for Apple laptop users.
Miller handed his research over to Apple a few weeks ago to give the company time to come up with its own workaround before he presents his findings at the Black Hat conference on August 4. Miller has also written a Mac OS X tool, which will be released when he gives his talk at Black Hat, that will generate a random password and store it in a battery’s firmware, preventing future hacks—but also preventing future firmware updates.
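The trade-off in that mitigation, as an added example that is not part of the original article or Miller’s tool: a Python model of the sealed, unsealed and full access modes in which rotating to random passwords locks out the documented defaults, and with them any updater that relies on those defaults. The class and function names, the 4-byte key width and the default values are constructed placeholders, and the rule that full access is entered from unsealed mode is an assumption of the model.

```python
import hmac
import secrets
from enum import Enum

# Constructed placeholders: the article does not give the documented defaults.
DOC_UNSEAL = bytes.fromhex("00000001")
DOC_FULL_ACCESS = bytes.fromhex("00000002")
Mode = Enum("Mode", "SEALED UNSEALED FULL_ACCESS")

class BatteryControllerModel:
    """Hypothetical model of the access modes named in the article."""
    def __init__(self):
        self._unseal, self._full = DOC_UNSEAL, DOC_FULL_ACCESS  # factory state
        self.mode = Mode.SEALED

    def unseal(self, key):
        if self.mode is Mode.SEALED and hmac.compare_digest(key, self._unseal):
            self.mode = Mode.UNSEALED
        return self.mode is not Mode.SEALED

    def full_access(self, key):
        # Assumption of this model: full access is entered from unsealed mode.
        if self.mode is Mode.UNSEALED and hmac.compare_digest(key, self._full):
            self.mode = Mode.FULL_ACCESS
        return self.mode is Mode.FULL_ACCESS

    def rotate_keys_and_seal(self):
        """Mitigation from the article: store random passwords, keep no copy."""
        if self.mode is not Mode.FULL_ACCESS:
            raise PermissionError("key change requires full access mode")
        self._unseal, self._full = fresh_key(), fresh_key()
        self.mode = Mode.SEALED

def fresh_key():
    # Redraw in the unlikely case the random value equals a documented default.
    while (key := secrets.token_bytes(4)) in (DOC_UNSEAL, DOC_FULL_ACCESS):
        pass
    return key

def opens_with_documented_defaults(ctrl):
    """True if the passwords from public documentation reach full access."""
    ctrl.mode = Mode.SEALED  # start from the shipped, sealed state
    return ctrl.unseal(DOC_UNSEAL) and ctrl.full_access(DOC_FULL_ACCESS)

def demo():
    ctrl = BatteryControllerModel()
    before = opens_with_documented_defaults(ctrl)  # factory passwords work
    ctrl.rotate_keys_and_seal()                    # apply the mitigation
    after = opens_with_documented_defaults(ctrl)   # attacker or updater
    return before, after, ctrl.mode
```

Because the model discards the random passwords after storing them, the same check that now fails for an attacker also fails for a legitimate updater, which is the cost the article notes.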