Security expert finds vulnerability exposing MacBook batteries to 'bricking,' malware - Page 2

You are stating this information as fact.

Either you are in a position to know these things, in which case you are likely not in a position to comment without breaking your employment contract, or you are making assumption s, in which case you should not state them as fact.

Regardless, believing that a battery's firmware cannot cause it to operate out of spec requires an unenviable dearth of imagination. Likewise believing that corrupt or malicious firmware cannot affect the operating system. Yes, indirectly invoking a code path that was not intended.

As to whether battery firmware can cause a fire, well, I'm not in a position to know, but just using my MacBook Pro under light load seems to come fairly close.

This seems like a weird line to tack on, even though it is true.

But I do find your comments on this subject to be very informative. It's clear things aren't quite right with Miller's story in several ways.

Releasing his own “fix" is NOT as good as waiting for the vendor’s patch. He should wait for the vendor’s patch—that’s proper protocol and serves security (as opposed to self-promotion) the best. But he isn’t. I wonder what consequences will fall to people who apply his patch and can no longer receive REAL firmware updates?

And although he hasn’t released the details, he’s told the “bad guys” (if any) what to look for. In short, he’s done much to cause malware, and all the wrong things to stop it. Along with all of which, yes, he did catch and report a real problem... in the wrong way by any reasonable security standard. So, thanks to Miller for that. He’s still in the wrong with his self-serving timing choices.

And wrong in exaggerating what he’s found. (Hinting at fires/explosions, and injection of malware to the OS, neither of which this vulnerability can actually cause. He might as well say, “this issue can’t inject malware onto your Mac. But just imagine if there was some other bug too, in the OS itself... maybe that would be scarier and work hand-in-hand with this issue! Well, imagine away... it’s good for self-publicity! What he should say is, “One could wonder whether this issue could cause even worse things. I have no idea. I see no mechanism by which a fire or explosion could happen, nor injection of malware to the OS, so I don’t want to exaggerate this falsely. But I don’t know for sure—those questions are outside my knowledge right now.” Or, he could simply not mention those hypothetical but scary-sounding “extras” at all yet, if he’s trying to be a professional and fact-based "researcher.")

Proper protocol generally involves notifying the vendor and giving them a reasonable amount of time to distribute a fix. It does not require withholding the exploit until a fix has been distributed. The article states:


It's not clear when he notified Apple, but there is ample precedent for releasing details of an exploit when a vendor seems to be sandbagging on a fix. Notably, this has happened to Microsoft in response to IE exploits.

I contacted them via phone and was pushed up two levels of support. Upon which time my request for a replacement was refused, even though I had done the research regarding two different Apple battery recalls.

I then made a report to the CPSC and two months later I got a telephone call from a lady at the Apple home office. She arranged for the battery to be replaced after she got some photographs of it along with the serial number.

If my battery didn't come from the same manufacturing plant that made the original mistake then why is my replacement battery screwing up too? Sony made both of them.

http://www.msnbc.msn.com/id/14500443...ook-batteries/

http://www.engadget.com/2006/07/31/a...ecall-program/

http://www.computerweekly.com/Articl...y-problems.htm

This isn't just bad for Mac users, just announcing where he found the flaw means other hackers will probably start looking for similar flaws in other computer battery types. This could have a horribly devastating effect on all PC laptops as well. These guys really don't give a crap who they hurt getting their claim to fame.

There seems to be a presumption on the part of the person I responded to, and others, that this vulnerability is as described and that Apple must respond. In fact, the vulnerability is not as described and Apple's response would have to be a mix of addressing the true vulnerability (which is the potential bricking of batteries) and educating the masses in battery pack engineering. I expect Apple to address the vulnerability but I do not expect them to address the ignorance of would-be experts.

We still hear mention of the "faulty antenna" in the iPhone 4, which has been shown to be as good as any contemporary phone (several carriers recommend the iPhone 4 for fringe reception areas, which would be hard to explain if they thought the iPhone's reception was inferior).

As a design engineer of 35 years, and one that has designed LiPo charge systems and the instruments that control them (not dissimilar from a laptop), I am confident that Mr. Miller has overstated the problem significantly. I also expect that was the result of ignorance, not malice. Expertise in operating system security is not expertise in electrical engineering.

I have a 2007 MacBook and when it was about 26 months old it developed a fault of simply shutting down without notice. It only did this when on battery power. I took it to the Apple genius who plugged an ipod into my computer which ran a test program on the battery. He said it was defective. Not worn out, not past its number of cycles, but that it contained defective cells. He replaced the battery without question. I did have Applecare, but that specifically excludes batteries. Your experience seems to be totally at odds with mine.

See following post....

Cure and patch, in the context you used them, are not synonymous. Patch would be synonymous with treatment. "Take two aspirin and and call me in the morning." A cure would mean that the security exploit would be eradicated forever, which, since it's a security issue, would be unwise to say. That's why the terms patch and fix are used, both imply temporary.

Just sayin'.

The point about them refusing to replace it is strange to me. It was several years ago but we had one battery that swelled up and they replaced the battery without question. We did have a battery that refused to hold a charge and the 'genius' ran tests and said that we had only unplugged it 12 times in 6 months (we were unplugging it daily) and we had to push a bit but they replaced it after some consulting with each other.

You would rather an unethical person find the vulnerability and exploit it? Miller isn't the problem, the problem is the base vulnerability.

Sheesh, I never understand people like you and this attitude...

Maybe he has and Apple hasn't responded yet? There are plenty of examples of where researchers pointed out stuff to Apple and months and months went by with no response from Apple.

At least now it's out there and we all know about it. Who's to say someone else hasn't found it before Miller? The vulnerability is there - whether he publicized it or not.

So you claim. Batteries have caught fire in the past, so it *can* happen.


What's so special about battery controller firmware that x86 code couldn't be stored in it? Code is just bits of data - there's nothing special about x86 or other bits.

Bits are bits.


When you have the demonstrated credentials that he does, your assertions might be worth something. Otherwise your just a random anonymous voice on the 'net with no cred.

Like AntennaGate?

I think you are getting Apple confused with some other company. I have NEVER had Apple refuse or scrimp on a repair. I have had them swap out temperamental iPods with brand new ones without batting an eye. When my late 2008 MPB battery started to swell, I took it to the Apple store and the Genius said "Well, it certainly should look like that!" and in less than 10 minutes I was out of there with a new battery. When my Mom's out of warranty MacBook developed a crack in the case and she took it in for one-on one training, the Apple rep working with her told her, after her class, to bring it back next week and they would swap the case - which they did.

Apple doesn't have a greater than 90% customer satisfaction rating because the "refuse to fix product defects until there is such a consumer and media uprising" - just about every single time such a "defect" is fussed over, just like the iPhone 4 antenna, it's a non-issue and a bunch of ignorant people running their mouths starting crap.


I find that hard to believe based on my own experience. Which "Apple" absolutely refused to replace? Were you at a store?

And mine.

Apple Store Sydney refused to replace my dramatically bulging MacBook Pro battery because the machine was 7 months out of warranty. Extremely frustrating.

A replacement battery is now bulging also after only 80 cycles. Pretty pissed off.

I'm pretty sure he is making good life with the job he is doing.

Malware creators should get life before security experts do, anyway.

You might want to try a phase-change heat pad - I think the bulging issue is more a thermal problem than a cycle problem.

*SIGH* Geez Doc. Cars have crashed in the past to so don't drive your car anywhere. bsimpsen was being very specific, and unless you can demonstrate that a battery control firmware alteration (at least before Miller has a chance to - if its possible) can IN FACT cause the battery to malfunction to catch fire, you don't have enough data or facts here to make that statement in relation to this alleged hack. And since we don't know the specifics of the hack (how it is delivered, how it is triggered, what it in fact affects) you are doing an admirable Chicken Little here.

Just because Miller is a popularized tech celeb with a reasonable track record of hacking for security remediation doesn't mean in this case that you have a significant vulnerability. That we will not know until Miller demonstrates the process to do the hack. And speaking of random voices on the internet with no cred, yours is in no better position (nor is mine for that matter), and a moot point at best. However I DO have electronic materials application research in my background and everything that bsimpsen has stated thus far has jived with what I know of the battery technology in question - so credibility therefore is in the eye (and the technical background of the beholder).

Moreover if you understand the systems involved - you would know that the battery system firmware is only part of the total system that controls power management in the Apple (or any) computer. There are a couple of standards mandated safety checks (and perhaps others by Apple as well) that the system has to support to be a consumer electronic device. Miller is self-admittedly (according to the article) NOT an expert on what the firmware can and cannot do if hacked - he's still messing around with it. He is an OS systems security expert. He is simply for the purposes of this exercise extending his expertise into an adjacent area of firmware control that he has not attempted before.

Anyone who has a background in firmware and coding would know that simply putting x86 code into the battery management firmware would be essentially meaningless unless it was executable by that system somehow. So no, categorically, bit are not created equal in this case.

Time to reboot your arguments.