A researcher has found that MacBook batteries can be hacked, potentially leading to persistent malware attacks or possibly even the destruction of the machine.
In an interview with Forbes magazine, Accuvant researcher Charlie Miller said that he would present his findings at the upcoming Black Hat Security Conference, due to take place in August.
He will also release a fix for the problem at the same time.
Miller found the problem after studying a software update released by Apple in 2009, when he discovered that the batteries used passwords on the embedded battery chips.
However, instead of providing protection for the systems, Miller found that the machines were all shipped with default passwords, enabling them to be interfered with by anyone able to access the computer, including remotely.
Not only does this mean that the machine can be rendered useless, as a hacker can essentially cause the system not to recognise the battery, there is also a risk of the battery being fried, possibly even causing a fire.
Through this route, hackers also can get enough access to the operating system to install malware, steal personal data and control its functions.
Further to this, once any malware has been installed in the battery chip, persistent infections can then take place as the malware would be very difficult to detect and repair, even after formatting the drives.
Miller told Forbes: “You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.”
Miller will release a fix called ‘Caulkgun’ which creates a string of random passwords. However, this would mean that Apple can’t then access the firmware affected in order to carry out repairs or software updates.
Miller has sent his findings to the company, alongside Texas Instruments.