T-675: Apple Laptop Battery Interface Lets Local Users Deny Service

July 25, 2011 - 7:03am

PROBLEM:

A vulnerability was reported in the battery interface used in Apple laptop models. A local user can cause denial of service conditions.

PLATFORM:

Mac OS X

ABSTRACT:

Apple Laptop Battery Interface Lets Local Users Deny Service

REFERENCE LINKS:

SecurityTracker Alert ID: 1025831
Apple Article: HT1222
Forbes Article

IMPACT ASSESSMENT:

Medium

Discussion:

The battery microcontroller interface uses common API keys. A local user with knowledge of the keys can control the microcontroller functions. This can be exploited to prevent the battery from being charged, interfere with battery heat regulation, or cause the battery to stop functioning.

Impact:

A local user can prevent the battery from charging, interfere with the battery heat regulation, or cause the battery to become unusable. Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating system and the charger to check on the battery's charge and respond accordingly. That embedded chip means the lithium-ion batteries can know when to stop charging even when the computer is powered off, and can regulate their own heat for safety purposes. A disturbing vulnerability has been found in the batteries of several MacBooks, MacBook Pros and MacBook Airs: the batteries' chips are shipped with default passwords, so anyone who discovers those passwords and learns to control the chips' firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks such as implanting them with hidden malware that infects the computer no matter how many times software is reinstalled, or even potentially causing the batteries to heat up, catch fire or explode.

Solution:

No solution was available at the time of this entry.
Apple Support
