One uncompromising headline certainly implies that battery-based malware – whether inferno-related or not – is an inevitability, trumpeting proudly that “Apple laptop batteries are the new attack vector.”
That remains to be seen, as does reverse-engineering maestro Charlie Miller’s talk at the upcoming Black Hat conference in Las Vegas, where the paper which spurred these headlines will be presented.
You’ve probably noticed that modern operating systems can tell you an awful lot about your battery, including its rated power, its current charge, how fast it’s charging, and more.
This is because the battery pack includes not just Lithium-based power cells, but also an embedded processor with its own firmware.
Miller spent some time – and quite a bit of his own money on “bricked” batteries, too! – working out how Apple Macbooks interact with their power packs, reverse engineering the battery firmware and working out how to modify it. According to reports, Miller was inspired to do this following an Apple software update in 2009 in which Apple tweaked its own battery firmware, thus helping him zoom in on the code which interacted with the battery device.
It turns out that the firmware is password protected, but the passwords (like the iPhone’s root password) are the same across all Apple hardware. This helps prevent inadvertent modification, but unsurprisingly doesn’t protect against a malicious attacker with administrative access.
Of course, the issue of malware in field-updatable firmware is not new. In the late 1990s, Taiwanese student Chen Ing Hau released the CIH, or Chernobyl, virus which included a warhead which tried to reflash your BIOS on 26 April.
If you had the right – or wrong – sort of BIOS chip, your BIOS was toast. On the next reboot, your PC would hang when it executed just its second instruction after power-up. So you couldn’t even get far enough to run an emergency BIOS reflashing utility.
Surprisingly, at least in my opinion, no malware ever appeared in the wild to do more than simply “brick” an affected PC’s BIOS, even though most personal computer BIOSes still aren’t protected with any sort of hardware safety interlock.
A hardware interlock wouldn’t prevent an attack against your BIOS, or against your battery. But it would certainly help prevent unexpected modification of system firmwares if all firmware updates required the user to hold down a button-operated switch, and if attempts to write to the firmware were to raise an alarm whenever the switch was not depressed.
So, are Apple laptop batteries the new attack vector? Could a virus set your beloved Macbook on fire?
The answer to the first question is: no more so that any other hardware in your system with field-updatable firmware. That includes the motherboard itself, your wireless card, your 3G modem, network card, graphics device, storage devices and much more. Including, of course, the battery pack. And – as Apple fans reading this article will be happy to note – the risk is not unique to Apple, though Charlie Miller’s paper is.
The answer to the second question seems to be: not if the battery is correctly manufactured. As Andy Greenberg points out on Forbes.com, “the batteries [Miller] examined have other safeguards against explosions: fuses that contain an alloy that melts at high temperatures to break the circuit and prevent further charging.”
Leave a reply