|
Accuvant Labs' Charlie Miller describes how to hack Apple laptop batteries LAS VEGAS--The latest security threat to your laptop HP 537626-001 battery comes from an unexpected source: its HP 537627-001 battey . A security researcher demonstrated today at the Lenovo IdeaPad Y560 Battery Black Hat security conference how he was able to gain complete control of the microprocessor embedded in batteries used in Apple Macintosh laptops and then remove or bypass the built-in safeguards. "I can clearly brick the Lenovo 57Y6440 battery," said Charlie Miller, principal research SONY VGP-BPS22 battery consultant at security firm Accuvant Labs. "That's a cinch. I'm a pro at that." Miller suggested it would be possible to SONY VGP-BPS22A battery overheat a battery and start a fire by convincing a controller that the battery was discharged, even though it was completely full, but said he LENOVO 57Y4559 battery ss has not tried it and an analog fuse may prevent disaster. "The charger will think the remaining capacity is whatever I want," he said. "So it might overcharge." Accuvant posted working code today featuring an interface that Miller wrote that makes it easier to send commands to the battery controller.
Sniffing battery-to-laptop communications (Credit: Accuvant Labs) Bricking a battery, of course, doesn't mean that a laptop SONY VGP-BPS20 battery ceases to work. And older MacBook Pro laptops have batteries that can be replaced in Apple MB771 seconds. But newer MacBook Pro laptops, and the MacBook Air, have batteries that are not designed to be replaced by their owners. Even worse, if malware successfully slips past the defenses built into MB771LL/A OS X and takes up residence on a laptop, it could continue to keep bricking replacement batteries. Miller said the attack could take place in the HP ProBook 4320s battery other direction as well: Malware inserted into the battery's firmware could try to seize control of the computer even if the SONY VGP-BPS20/S operating system were reinstalled. "If the OS kernel has a bug, you could attack the HP ProBook 4520s battery OS from the battery," he said. Apple uses three chips made by Texas Instruments to control its LENOVO 57Y4559 battery laptops' batteries. Two provide protection against overcharging, short circuiting, and so on, while the TI BQ20Z80 chip keeps track of the Lenovo 57Y4558 battery battery's status, maintains the charge, and communicates with the laptop. Miller's presentation described how he began trying to figure out how the laptops communicate with their batteries and discovered that Apple did not change the default LENOVO 57Y4565 battery password. Here's an excerpt:
For the batteries that ship with all the Acer Aspire 3935 Battery Apple laptops I tested, the password to unseal the SAMSUNG AA-PB9NC6B battery and the password to enter full access mode are the hard-coded values provided in Texas Instruments documentation. In this work, I provide API functions which can be used to communicate with the AA-PB9NC6W battery . This allows the ability to make arbitrary configuration changes as well as dumping of the data flash and instruction flash. I provide IDA Pro scripts to disassemble the machine code from the firmware. We provide a way to dell 312-0234 battery disable the firmware checksum as well as to make arbitrary changes to the smart battery firmware. Due to the nature of the Smart Battery System, changes made to the smart battery firmware may cause safety hazards such as overcharging, overheating, or even fire. One of the utilities he released today lets you change the password from its default setting.
Related Articles -
batteries,
| 
