# There's A Way For Hackers To Attack Your MacBook's Battery And



## coolness (Jul 24, 2011)

QUOTE said:
			
		

> A hacker has discovered a vulnerability in MacBooks that can potentially allow others to gain control of battery, making it so they can keep it from charging or even explode.
> 
> The hacking method was discovered by a man named Charlie Miller, who told Forbes the MacBook's "smart" battery have the same default password.
> 
> ...



Source
so happy that i only have a defect windows laptop and a half fucked linux laptop


----------



## purechaos996 (Jul 24, 2011)

But macs are like totally hack proof and can't get viruses and stuff. /Mactard

Lol.


----------



## 1234turtles (Jul 24, 2011)

macbombs


----------



## coolness (Jul 24, 2011)

purechaos996 said:
			
		

> But macs are like totally hack proof and can't get viruses and stuff. /Mactard
> 
> Lol.



not totally as you can see


----------



## Tonitonichopchop (Jul 24, 2011)

Well that's lovely. Have a nice month Mac users


----------



## Wizerzak (Jul 24, 2011)

Nah, I'm safe, I've got a Mac which, as we all know, are totally virus proof.

jks. I would never buy a mac. Anyway, time to go to the Apple store and complain to the staff there pretending I have a Mac which got a virus after they told me it would be virus proof.


----------



## Dter ic (Jul 24, 2011)

Spoiler: iFish/Raika/Mac Users



right, time to notify iFish/Raika/Other Mac Users that a Mac has the potential to explode at hackers will.

RUN AWAY FROM YOUR MAC'S, PEOPLE OF THE EARTH, THIS IS AN AVANCED WARNING. DO NOT IGNORE THIS. 
	

	
	
		
		

		
		
	


	







Intresting find i must say, I wonder what else can hackers could control on a Mac 
	

	
	
		
		

		
		
	


	





EDIT: so, terrorists could just simply bring a mac to a plane, activate the battery hack and then....

PROFIT


----------



## Fishaman P (Jul 24, 2011)

So will it now be illegal to take a MacBook on a plane?


----------



## coolness (Jul 24, 2011)

Fishaman P said:
			
		

> So will it now be illegal to take a MacBook on a plane?



this is great new for the people from AQuada


----------



## Rizsparky (Jul 24, 2011)

im sure chucking it in a freezer would negate the heat rise


----------



## Hop2089 (Jul 24, 2011)

Al-Qaeda and Hamas found their new terrorist weapon.


----------



## prowler (Jul 24, 2011)

And when people call up Mac Support they will deny everything and tell you nothing.


----------



## Slyakin (Jul 24, 2011)

Well, this scares me as I'm reading this on a Macbook.


----------



## Deleted member 473940 (Jul 24, 2011)

OMG, thats scary shit!
and there I was gonna get a refurbished Macbook Pro.. lol


----------



## Traversal (Jul 24, 2011)

Fishaman P said:
			
		

> So will it now be illegal to take a MacBook on a plane?



Well, I wouldn't think the explosion would be that big, considering how it's just the battery. Perhaps enough to burn your lap, however. Anyways, I don't see this hack lasting long, maybe a few months or so, depending on whether it's the hardware or the software that has to be changed.


----------



## SamAsh07 (Jul 24, 2011)

Lolololol, enjoy your Macs, now people will intrude into the topic saying "Ha! Linux ftw" -_-


----------



## Foxi4 (Jul 24, 2011)

Traverse96 said:
			
		

> Fishaman P said:
> 
> 
> 
> ...



Ba-wut? You have *NO* idea what you're talking about. The explosion is *quite potent*, Lithium is one of the most reactive materials known to man.

[youtube]QJCZ4ayioCU[/youtube]

I assume that the batteries, as in most cases, are controlled by external circuits. In that case, the virus will be able to control the battery regardless of whether or not the Mac is turned on. On the other hand, I highly doubt that the standard charge on its own will be enough to heat it up to unstable levels, such an event would most likely require charging the laptop.

Apple probably start using "Safe" Lithium-Ion batteries from now on. These have their Lithium compartments lined up with special materials that stop the Lithium oxidation process short, resulting only in a small "puff" of smoke rather than a full-blown chain reaction, rendering the battery useless in the process.


----------



## Jamstruth (Jul 24, 2011)

It is a strange attack vector. And they're all shipped with the same password to allow them to upgrade the firmware on the battery, otherwise each and every update to a Macbook would have to be personalised to that very Macbook. I bet the battery in my laptop has a similar "vulnerability".

He never says how he can get into the battery. I am guessing it is from a program on the system, as far as I know there's only really 1 OSX malware wandering the net at the moment and its quite rare. WHat's more it needs some user input to install from what I remember. What might be more worrying is that now actual malware creators will look for this on OTHER models of laptop and see if the same vulnerability exists to try and exploit it. If anything this is just an argument for APple to replace the passwords on ALL the batteries to something else and hide them better in future updates.

Btw ITT: People hate on Macs for no real reason..


----------



## Foxi4 (Jul 24, 2011)

The fact that there are very little viruses for Mac's doesn't help - to the contrary, OS X creators are wandering in the dark as far as system security is concerned.

They never had to fight with Malware so they won't quite know where to start. This single, rare malware you are reffering to is ages old, and OS X is still vulnerable to its effects.

As far as battery firmware updates are concerned, that was a retarded idea to begin with. It's a battery for crying out loud, it needs no updates at all. Its circuits should be external with no Write capabilities whatsoever. It should give the battery readout and that's it. You don't generally hook up something that can explode to the net in vain hopes that nobody will attempt to tamper with it.


----------



## machomuu (Jul 24, 2011)

Jamstruth said:
			
		

> ITT: People hate on Macs for no real reason..


Yup.  It's true, of course I don't hate Macs for no reason, I hate Macs 'cuz I hate Apple (and a few other reasons), and I hate Apple for a multitude of reasons.


----------



## qlum (Jul 24, 2011)

Posted the same thing on irc yesterday, maybe I should post things like this on the forum as well.
also this is the real original source. its more just theory there is no working hack and its not even certain that a wrongly configured chip can make the battery hot enough to catch fire.
The article also states that you can add a virus to the battery and corrupt the system over and over as you wouldn't know it was  the battery that caused it.


----------



## Foxi4 (Jul 24, 2011)

qlum said:
			
		

> Posted the same thing on irc yesterday, maybe I should post things like this on the forum as well.
> also this is the real original source. its more just theory there is no working hack and its not even certain that a wrongly configured chip can make the battery hot enough to catch fire.



It's not supposed to "catch fire" at all, it's supposed to create a crack in the battery and allow oxygen to enter the lithium casings, which is entirely possible. Lithium mixtures expand as they're charged, if the chip on the battery will not send a signal to the charger circuit that the battery had its fill, the Lithium will carry on expanding and creating vapor, rising the pressure until it breaks the casing.

Once oxygen comes in-contact with the battery, it will cause a violent chain-reaction as shown on-film, that on the other hand will ignite the neighbouring computer parts.

[youtube]k5f0VCoFuFM[/youtube]

This video contains a slo-mo, so that you can see for yourself how the mixture expands when subjected to excessive charging.


----------



## coolness (Jul 24, 2011)

qlum said:
			
		

> Posted the same thing on irc yesterday, maybe I should post things like this on the forum as well.
> also this is the real original source. its more just theory there is no working hack and its not even certain that a wrongly configured chip can make the battery hot enough to catch fire.
> The article also states that you can add a virus to the battery and corrupt the system over and over as you wouldn't know it was  the battery that caused it.



if you say so


----------



## raulpica (Jul 24, 2011)

Foxi4 said:
			
		

> The fact that there are very little viruses for Mac's doesn't help - to the contrary, OS X creators are wandering in the dark as far as system security is concerned.


Phew, luckily Windows has got so many malwares and viruses in all those years that now Windows is completely immun- hey wait...


----------



## YoshiInAVoid (Jul 24, 2011)

Apple sucks. End of.

Why didn't they see the flaw of having every single mac's battery password the same? What where they thinking?


----------



## Foxi4 (Jul 24, 2011)

raulpica said:
			
		

> Foxi4 said:
> 
> 
> 
> ...



That's not how it works. The ease of programming the Windows envioriment allows is a double-edged sword. The most popular envioriment is also the one that's subject to the highest ammount of malware.

There are 100.000 new viruses programmed for Windows each year and only a few for OS X, I'd say they're doing a *fine job* defending the system.


----------



## Hadrian (Jul 24, 2011)

Hi iFish


----------



## raulpica (Jul 24, 2011)

Foxi4 said:
			
		

> raulpica said:
> 
> 
> 
> ...


I know, it's just that your previous statement said that OS X creators are wandering in the dark because of the lack of malware, but I'm pretty sure that having a lot of malware (like Windows) doesn't help you in the slightest either.


----------



## Foxi4 (Jul 24, 2011)

raulpica said:
			
		

> Foxi4 said:
> 
> 
> 
> ...



Believe it or not, there's a finite ammout of techniques one could use to "break in" a house, and if you deal with alot of burglars, you naturally have more experience in making a house more "burglar-proof". Catchin' my drift?


----------



## MelodieOctavia (Jul 24, 2011)

Apple: Explode Different.


----------



## SamAsh07 (Jul 24, 2011)

machomuu said:
			
		

> Jamstruth said:
> 
> 
> 
> ...


This is the same reason from me, though I'd also like to add they are insanely expensive. That's why when buying a netbook/laptop, I end up getting a Toshiba with good reviews, saves me the cash.


----------



## raulpica (Jul 24, 2011)

Foxi4 said:
			
		

> raulpica said:
> 
> 
> 
> ...


Sure, knowing of the existence of an exploit leads to its fixing, that's no rocket science. But it still amazes me how Windows can fix an hole just to have two more discovered a while later 
	

	
	
		
		

		
		
	


	




 That's what I was talking about. That's the exact opposite of rendering something "burglar-proof". 

BTW, we're off-topic, so let's stop this here


----------



## Foxi4 (Jul 24, 2011)

raulpica said:
			
		

> Sure, knowing of the existence of an exploit leads to its fixing, that's no rocket science. But it still amazes me how Windows can fix an hole just to have two more discovered a while later
> 
> 
> 
> ...



Every even the simpliest alteration of the source code may lead to creating a new loophole, that's only natural. It's not a matter of faulty programming, it's simply a matter of how many hackers are attempting to find the loopholes. One minesweeper will look for mines for ages, an army of minesweepers will sweep a field in a matter of hours.

What's distressing about this matter is that some dill-wit in Apple thought it's a good idea to give the OS direct access to a ticking time bomb, something you just don't do under any circumstances. I've never heard of hardware that has direct access to battery chips, it's always dealt with using specific battery chip flashing units, never via software means.

The dangers of Lithium batteries are first-grade chemistry for christ's sake, unless you're willing to use Ni-Mh batteries, you don't hook the battery to the bloody OS, it's hardware design 101. People are already sending in MacBooks for service when there's an issue, battery updates could be distributed anyways if there were any problems with the current firmware. The only explaination I find is cost-cutting, seeing that you'd have to physically remove the battery if you were to flash it with a hardware flasher.


----------



## Magmorph (Jul 24, 2011)

What benefits would there be to having an updateable battery?


----------



## naruses (Jul 24, 2011)

Does this also include Macbook Pros??


----------



## VashTS (Jul 24, 2011)

Magmorph said:
			
		

> What benefits would there be to having an updateable battery?



$$$ for apple. 

this is stupid, you can't make the software make the battery "explode" maybe melt a little.


----------



## Zerousen (Jul 24, 2011)

Now I want to see it happen, lol. I'm sure iFish would be devastated.


----------



## Foxi4 (Jul 24, 2011)

naruses said:
			
		

> Does this also include Macbook Pros??



That includes every single contemporary Macbook that uses the same, "faulty" blueprint for its battery.


----------



## Dter ic (Jul 24, 2011)

Hikaru said:
			
		

> Now I want to see it happen, lol. I'm sure iFish would be devastated.



oh yes he wil be


----------



## Jamstruth (Jul 24, 2011)

VashTS said:
			
		

> Magmorph said:
> 
> 
> 
> ...


There are 2 videos in this very thread showing what happens when a lithium-ion battery overheats. Its starts a chain reaction that is very dangerous. Basically you edit the software so it always thinks its uncharged, the battery will be overcharged by the powersupply, overheat then catch fire and explode violently.
Its not a large explosion but still dangerous to anybody around.


----------



## Foxi4 (Jul 24, 2011)

Jamstruth said:
			
		

> Its not a large explosion but still dangerous to anybody around.



I'm not sure what's your standard on "large explosion", but I count 6 feet tall flames burning at a temperature of circa 1,400F (standard electronic thermometers have a scale of up to 999,99F) as "bloody strong". This kind of battery is capable of burning through aluminum (melting temperature of 1200F), I assure you that it would burn right through your lap if you won't "remove yourself" from its vicinity.

The explosion itself doesn't "emmit" a whole lot of shrapnels, but on the other hand the smoke is toxic and the temperature is extremely high, so it ignites anything that's flamable and in-contact with the burning battery.


----------



## Wizerzak (Jul 24, 2011)

Dter ic said:
			
		

> Hikaru said:
> 
> 
> 
> ...



In fact, I think he's deliberately avoiding this thread.

OT: I still fail to see, apart from more money for Apple from oblivious consumers, how an update-able battery will help. (If you can even update a battery anyway).


----------



## Jamstruth (Jul 24, 2011)

Foxi4 said:
			
		

> Jamstruth said:
> 
> 
> 
> ...


He's not been on Twitter all day so I'd say no he's not avoiding he's just not around.


----------



## _Chaz_ (Jul 24, 2011)

For this reason, anyone with a Mac should be forbidden to take it to a public area such as school or an office building.


----------



## Foxi4 (Jul 24, 2011)

_Chaz_ said:
			
		

> For this reason, anyone with a Mac should be forbidden to take it to a public area such as school or an office building.



Let's not blow the whistle just yet, we haven't seen a single case of an exploding Mac just yet - we only learned of a loophole. You'd have to be a *really malicious* person to utilize a loophole that can potentially *kill* the Mac owner or at the very least severely injure him and the people around him.

Moreover, a simple overheating won't destabilize the battery, at least it's unlikely. The Mac would have to be charged, and I doubt that you'll be able to do that while on a plane or any other spot where this could be dangerous.


----------



## Dter ic (Jul 24, 2011)

Foxi4 said:
			
		

> _Chaz_ said:
> 
> 
> 
> ...



? 
	

	
	
		
		

		
		
	


	




 what if you're on a long haul flight?


----------



## gamefan5 (Jul 24, 2011)

This is...


Spoiler



Macaggeddon.


----------



## iFish (Jul 25, 2011)

Charlie Miller is a nice guy. I doubt he will release the hack to the Internet, so we're safe unless somebody figures it out. But I'm not really worried. Charlie usually hands his exploits over to Apple (Like Pwn2Own) so I feel he already did this. 

Anyway, why am I not surprised all the Apple haters grouped here to say "In your face, Appletards!"?

EDIT: I am also not surprised my name popes up here multiple times. :3

EDIT2: Hi Hadrian.


----------



## Vigilante (Jul 25, 2011)

Windows for the win!


----------



## Nimbus (Jul 25, 2011)

Well, at least he's more than 99% likely to not leak it into the wrong hands. I love White Hat hackers like this Charlie Miller fellow sounds to be, Grey Hats are cool too, I can dig.

Not sure if this is terribly relevant as I use Ubuntu and do not use OSX at all with my new Acer Aspire 7551-7422, but I have one question. Does this only affect it when you're using OSX?

If thats the case..

*Holds up Ubuntu Live CD*

There may be a way to prevent it, a drastic one at that, but it probably would work.

No, but I jest about that (Or do I...........!?)

If the Exploit is done via EFI (All Macbooks nowadays, and as far back as my 2008 Model, and perhaps some earlier models use EFI btw. Some PC's even use it, and it allows you to boot from GPT disks), which it most likely is, as the EFI Firmware controls quite a bit of the hardware functions, then it is probably patch-able via a firmware update (An EFI update otherwise). EFI is a great creation, but I haven't noticed any security enhancements over a BIOS yet that seem noteworthy.

Just for the record, the fact that it may be done via EFI/Firmware is both moot and irrelevant, as in theory a BIOS exploit could allow the same result to occur on a non-mac Laptop, or any old Mac that used Li-on batteries and still uses a BIOS

This also proves one other thing

Lithium Ion Batteries are WoMD (Figure out the Abbreviation on your own, it's not terribly hard)




			
				Trashed post said:
			
		

> _*snip_



I think it's ironic that your avatar is a recolored Android mascot (It is based on Linux in case you dont know), but perhaps it's just for kicks and you don't happen to use Android, either way I got a short chuckle out of it, but I digress here so never-mind all that jibber-jabber.

Also 

**Holds up Linux Live CD's like a hand of cards**

You were saying...naw but I jest again, I don't like fighting Windows users, I just hate the OS with a deep, firey, burining passion, one of my own construct and for my own reasons so please don't take this as any insult.


Back on Subject here,  I should probably also ask, even if this info landed in the wrong hands, what's the likelihood that any singular individual OSX/Mac user would be affected by it? Just ponder and consider upon that notion for a second if you will.


----------



## Tom Bombadildo (Jul 25, 2011)

Nimbus said:
			
		

> Well, at least he's more than 99% likely to not leak it into the wrong hands. I love White Hat hackers like this Charlie Miller fellow sounds to be, Grey Hats are cool too, I can dig.



But now that the problem is known, can't any other competent hacker figure out a way to accomplish what Charlie did? If that happens I'm sure a bunch of people will try to blame Charlie for it in some way.


P.S. I dual boot Ubunutu AND Windows 7  
	

	
	
		
		

		
		
	


	



P.P.S. I prefer Ubuntu better


----------



## redact (Jul 25, 2011)

Foxi4 said:
			
		

> I've never heard of hardware that has direct access to battery chips, it's always dealt with using specific battery chip flashing units, never via software means.


say hello to the PSP, will ya?


----------



## cwstjdenobs (Jul 25, 2011)

Nimbus said:
			
		

> Does this only affect it when you're using OSX?



I don't think so as it's attacking the batteries firmware and not the OS. But you would probably need an OS exploit to use it.


----------



## nutella (Jul 25, 2011)

Until I see an exploding Mac, I'm not interested.


----------



## Foxi4 (Jul 25, 2011)

mercluke said:
			
		

> Foxi4 said:
> 
> 
> 
> ...



BATTERY flash, not the unit flash, dum dum. The battery chip in PSP's is read-only.

OWAIT, you be right. Pre-TA-085v2 were soft-moddable, the later ones had to be opened up. In any case, all you were able to change was the serial, not the internal mechanisms of the battery.


----------



## shakirmoledina (Jul 25, 2011)

rather than making the batteries smart, they should make it run for longer periods as shaun wishes


----------



## Foxi4 (Jul 25, 2011)

There are many things about which you could complain in a Macbook, but battery life is certainly not one of them.


----------



## FireGrey (Jul 25, 2011)

Foxi4 said:
			
		

> There are many things about which you could complain in a Macbook, but battery life is certainly not one of them.


My out-of-the-box mac is supposed to have 10 hours battery life, but it only lasts 3-4 hours, and i got the brightness down and its set to the highest power saving settings.


----------



## Sir-Fritz (Jul 25, 2011)

I'm pretty sure macs can't get virus' apple say so themself.


----------



## Foxi4 (Jul 25, 2011)

FireGrey said:
			
		

> Foxi4 said:
> 
> 
> 
> ...



...and you're doing what exactly when you measure? Because it does matter you know.

Besides, 4 hours isn't that bad at all.


----------



## Bladexdsl (Jul 25, 2011)

inb4 macs can't be hacked or get virus like windows...aw shit too late


----------



## coolness (Jul 25, 2011)

this one http://www.apple.com/mac/
$999 
	

	
	
		
		

		
		
	


	




 i sure hope the price drops too $100


----------



## Sheimi (Jul 26, 2011)

This sucks for Mac users.


----------

