Security hole in notebook batteries
Security expert Charlie Miller of Accuvant has discovered that communication between an Apple notebook and its batteries is only weakly protected, by the same two passwords, which he found in an old firmware update. He used them to get access to the battery's microcontroller, which he proceeded to completely reprogram, according to a press release issued by his company. He plans to reveal details at Black Hat in August, though he has already given Forbes some of the details and has also mentioned the matter on Twitter.
He says there is no risk of the compromised batteries exploding via this attack. In addition, the batteries have hardware fuses which are installed expressly for the purpose of preventing further damage if the microcontroller fails. But he does say that the battery can be made useless and that he ruined seven batteries in the tests.
Theoretically, malicious code could be written into the battery, producing malware that would survive a reboot, a reinstall or even replacement of the hard disk. But for the malware to get from the battery into the notebook, another security hole would first have to be found in how the computer interacts with the battery, for example in the routines that evaluate the values the battery returns, so that the malicious code could be executed.