Laptop Battery Vulnerability

A new type of vulnerability may be coming to the forefront: a battery vulnerability. Newer batteries have a PCB that monitors charge levels, initiates charging, and regulates heat. According to Charlie Miller, a leading security expert, batteries in the new MacBooks are shipped with the default username and password. This default username and password is designed to allow Apple to send out updates to the battery. Unfortunately, this also allows criminals to exploit the battery and place malware on it or even overcharge it, possibly leading to an explosion.

This goes to show that in IT security you need to stay up to date on the latest threats. Not many security professionals would think to check the battery. Staying up to date is the best way to protect your IT resources from harm.

5 thoughts on “Laptop Battery Vulnerability”

  1. That’s a good lesson for everyone, end-users and engineers included: Change the default password! That type of low-hanging fruit is one of the first things bad guys check when trying to break into stuff. I agree that not many people would’ve thought about the battery being a security risk. Why does a battery need firmware updates anyway? It’s a battery! Sometimes engineers come up with the most convoluted ideas…

    • The password shouldn’t need to be the default in order for the manufacturer to push updates. Each password should be unique and the manufacturer should keep a list of them in order to make sure there are no vulnerabilities.

  2. It’s very important to change your passwords for anything including your battery on a Mac. If your battery is exploited, what good is a computer without a power source? I would think that the battery is like the backbone to a laptop or any battery-operated device. Hackers will stop at nothing to attack your personal belongings and it’s crazy that a lot of these attacks are done without people even knowing about them.

    • I don’t believe that the battery password can be changed by the user. An update issued by the manufacturer is required in order to change the password. Most people don’t realize that there are circuits on your battery which makes them vulnerable.

  3. This is a very interesting post to me because it just shows as increased security measures start to be put into place, hackers will begin to find exploits in other areas, where they typically would look, to be able, for whatever reason they have, to damage, destroy or steal information and data that would have otherwise not been used. And using the battery and battery system of a laptop is not really at the top of lists for exploits of a computer. And by the way default passwords are NOT safe, and companies as large as Apple should know that. Administrators need to be cleverer to be able to protect their systems and protect the information on those systems and using a default password is the worst way possible to do that.

