At the upcoming Black Hat security conference, a security researcher will demonstrate how he hacked the chips in laptop batteries to corrupt them beyond repair.
Charles Miller, a principal research consultant at Accuvant Labs, was able to take over chips inside the batteries powering several of Apple's popular laptop brands and "brick" them. Miller is widely known for his work on Mac OS X and Apple's iOS vulnerabilities.
As a result, Miller can overwrite Jvc Gr-1u Battery management firmware to completely disable the batteries on Apple laptops to the point that the computer no longer recognizes them as valid Acer Aspire 7535 Battery units. At this point, his method can be used to launch attacks that are more of a costly annoyance than threat to data on the machines. Malicious attackers will have to do some more work to create malware that can use the batteries as an attack vector to infect the actual machine itself, Miller said.
“What I’m showing is that it’s possible to use them to do something really bad,” Miller told Forbes.
Most modern laptop batteries come with a microcontroller that monitors the power level of the unit and sends the information to the operating system so that it can keep track of the amount of charge left. The SAMSUNG VP-DC165WBi Charger battery also relies on the chip to know when to stop recharging and to regulate how hot it gets during operation.
Miller examined MacBooks, MacBook Pros and MacBook Airs, and found that many of the batteries on those units had a 4-byte default password hard-coded on the microchips inside and a second password to give full access to the hardware firmware. With the two default passwords in hand, the perpetrator could rewrite the chips' firmware. Miller discovered the passwords after analyzing a software update from 2009 from Apple that addressed an issue with MacBook batteries. Portable DVD player Adapter He was able to reverse-engineer the chip's firmware and modify the power information it sent to the operating system. He was also able to rewrite the firmware.
The ability to access and send instructions to the chip could be used by other attackers for malicious purposes, such as preloading malware on to the chip, according to Miller. Once the attacker figures out a way to go from the Hp Compaq Business Notebook 6715b Battery to the operating system, battery-based malware could be used to infect the computer and steal data, take control of the laptop or cause it to crash whenever it was in operation, Miller said.
When faced with this kind of malware, IT administrators and users will wipe the hard drive, reinstall software and reinstall the BIOS firmware, but not think to check the Sony Vgp-bps2 Battery battery's firmware, according to Miller. "Every time it would reattack and screw you over," Miller said, noting the only way to eradicate or detect it would be by removing the Olympus Mju 800 Battery.
“These batteries just aren’t designed with the idea that people will mess with them,” Miller said.
On Aug. 4, the second day of the Black Hat conference in Las Vegas, Miller will demonstrate his hack and release a fix, "Caulkgun," to address the issue. He said he had already shared his research with Apple and Texas Instruments.
The Caulkgun program Miller will release would change the Canon Bp-808 Battery firmware’s passwords to a random string so that it would no longer be the default password. Installing this program would also mean that if Apple decides to roll out an update in the future to fix Compaq 319411-001 Battery issues, that update would fail.
The hard-coded default password has long been a problem, as there are a number of devices that ship from the factory with passwords that can't be changed. Stuxnet compromised the centrifuges at Iran's nuclear facility in 2010 by using the default password assigned to all logical controllers from Siemens.
While Miller's research seems to indicate that malware authors can target OLYMPUS LI-10C Charger battery next, it is not a bigger threat than any other possible hardware-based attacks, according to Paul Ducklin, Sophos' head of technology for the Asia-Pacific region. Apple laptop batteries are not the new attack vector any more than "any other hardware in your system with field-updatable firmware," such as the motherboard, wireless card, graphics device and others, Ducklin wrote on the company's NakedSecurity blog.
Ducklin also noted that malicious authors have re-written firmware on hardware devices in the past. In the late 1990s, there was a virus named CIH, or Chernobyl, which re-flashed the BIOS on infected systems on April 26, causing the machine to hang. "No malware ever appeared in the wild to do more than simply 'brick' an affected PC's BIOS," Ducklin said, noting that most personal computer BIOSes still aren't protected from this kind of attack.
more tags: Panasonic Nv-ds28 Battery, HP Pavilion dv3-2200 AC Adapter, Hp Compaq Business Notebook 6710b Battery , MOTOROLA V620 PDA battery, Portable DVD player Adapter, TOSHIBA Laptop DC Adapter, Dell Inspiron 1501 Battery, Panasonic Nv-gs21 Battery, TOSHIBA Satellite Pro 4200 AC Adapter
next blog: Casio Tryx: A Genre-Straddling Camera
No comments:
Post a Comment