DecryptedTech

Thursday18 August 2022

Apple Macbook batteries vulnerable to hack


Reading time is around minutes.

News_iPhone-battery-1776Anyone remember Charlie Miller? He is the guy that has hacked more than his share of Apple products (and won a few PWN2Own contests). Well Charlie is back; this time he has found a hole in Macbook Batteries that can allow full control of the Macbook including uploading small programs that are undetectable by virus scanners. The reason they are undetectable is that the code is hidden inside the battery firmware.  Charlie was able to get inside the firmware after digging through it and finding the passwords that allowed him access. Due to Apple’s tendency to use the same password for each line of its products (like the iPhone) it was very easy to spread this exploit to other systems.

Charlie also claims that he was able to permanently disable multiple systems through the use of this exploit. Apple has come under fire by security experts in the past for this habit which has led to many security experts questioning the use of iPhones in a business capacity. After all, the root password for every un-jailbroken iPhone is alpine. This means that a malicious person can affect every phone with the use of this one password, just like what can be done with the new MacBook exploit.

Apple hardware is no stranger to hardware exploits though. It was not that long ago that someone found a way to hack the firmware in their Bluetooth keyboards to install a virus that was, once again, undetectable by anti-virus software. These issues fly in the face of many of Apple’s claims of invulnerability. Remember, there is really no such thing as a computer or OS that is immune to viruses and malware. If your favorite OS does not have one for it yet, just wait the Malware authors will get around to it soon enough. For now it will be interesting to see if and when Apple will fix this.

Source

Talk about this on our forum

Last modified on Saturday, 23 July 2011 19:52

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.