A flaw in Apple firmware that could let a hacker render a laptop battery inoperable is unlikely to allow an attacker to use the hole to start a fire, according to security expert Charlie Miller.
Miller is due to give a talk on the flaw on August 4 at Black Hat. Some news articles have speculated that the flaw could allow a hacker to set fire to a laptop dell inspiron 1545 battery remotely. Miller told ZDNet UK on Monday that this was unlikely:
Q. What is the flaw you found in Apple firmware, and how can it be used? What devices does the flaw affect?
A. The flaw is that Apple didn't change the default passwords on the embedded controller that they ship with their laptop toshiba satellite m35x-s111 ac adapter batteries. This allows arbitrary changes to be made to the devices, including changing the firmware itself. It affects all laptops I've checked, including Macbooks, Macbook Pros, Macbook Airs, etc.
An attacker could 'brick' the dell latitude d630 battery, i.e. make it not charge or talk to the computer and this could not be fixed (afaik). I've done this many times by accident to my dell xps m1330 battery while researching, so I definitely know it's possible!
Since the firmware is in charge of managing the safety of the dell inspiron 1525 ac adapter battery, it is possible that changes to the firmware could be used to eventually cause a fire or something. I must point out that I haven't done this and don't know if it is possible because there are other safety mechanisms on the dell inspiron 1545 ac adapter battery such as thermal fuses that may make it impossible. I don't really know enough about Compaq presario c710tu battery to say for sure what the risk is, but I believe it is quite low.
Q. How did you find the flaw?
A. I was curious if a remote attacker could do something 'physical' to a system.
Q. What are the implications for Apple users?
A. Probably nothing. If I was a remote attacker who had root privileges on your system, I'd probably want to steal your credit card, not brick your hp pavilion dv9000 battery. If you're super paranoid, I'm releasing a tool that changes the password on the firmware and protects you from this type of attack.
more battery tags: dell 6y270 battery, sony pcga-bp2v battery, dell inspiron 1525 ac adapter, dell studio 1537 ac adapter, TOSHIBA pa3331u-1brs battery, toshiba pa3356u-1brs battery, compaq presario r4000 battery, hp pavilion dm1-1000 ac adapter, HP pavilion n5420 ac adapter
next blog: Battery saving tricks for Smartphone owners
No comments:
Post a Comment