Skip to main content

Hackers Could Make a MacBook's Battery Explode

Apple security expert and hacker Charlie Miller has exposed a very frightening security flaw that potentially affects all models of MacBooks, including the Pro and Air lines.

Miller found that MacBooks share a common password that's required to gain access to the controller chip that's responsible for the battery. A hacker could hijack the firmware to render a lithium-ion battery useless so it no longer holds a charge – or even worse, turn off the temperature management to make it potentially explode.

MacBook batteries, and nearly all other laptop batteries, usually have a failsafe feature in them to prevent overheating, but anything is possible as we've seen in past reports of battery explosions.

Another scary possibility is that the battery firmware could become home to malware that would persist even with full hardware wipes or replacements. Battery removal isn't a common way to troubleshoot malware.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” Miller told Forbes.

In order to gain access to the battery firmware, however, a hacker would first need to infiltrate Mac OS X to gain access.

Miller will detail his findings and MacBook battery experiments (he's already bricked seven batteries in his tests) at the Black Hat conference in August. There he'll also release a tool he made, called Caulkgun, that will randomize the password for the battery controller. Of course, the changing of password will also lock out Apple's future updates to the firmware – so really, the best case scenario would be for Apple to come up with a better solution.

“These batteries just aren’t designed with the idea that people will mess with them,” Miller says. “What I’m showing is that it’s possible to use them to do something really bad.”

  • matt314
    1234567890 of course
    Reply
  • phishy714
    In more recent news, hacker Charlie Miller has been found dead in a dark alley behind his home. Police believe it has something to do with him finding a flaw with Apple's design. Steve Jobs has been brought in for questioning.
    Reply
  • house70
    "In order to gain access to the battery firmware, however, a hacker would first need to infiltrate Mac OS X to gain access."

    Like that's hard...
    Reply
  • captaincharisma
    get ready apple to get tons of orders for macbook's from al qaeda
    Reply
  • the_krasno
    According to XKCD an overclocked notebook battery with a full charge has the same explosion energy as a hand grenade. The more you know.
    Reply
  • HMM...I wonder if hp does something like this to kill batteries so they barely last a year.

    Reply
  • hardcore_gamer
    Is there any password to make Job's head explode ?
    Reply
  • Knowing Apple, the PW is: SJisGoD1955
    Reply
  • coldmast
    I'm confused, is the controller chip on the battery or the laptop?
    Reply
  • That's Not A Flaw... Its A Feature... You Fools
    Reply