Discussion on:

Attack of the Apple laptop battery: Vulnerability could be used to install malware

Why does the battery contain any information at all? Apple is so strange...

...battery to the operating system.
This should be considered a terrorist issue, do not allow Apple laptops on airplanes, they could be remotely detonated.

Typical Apple. Not changing the default password. As if not changing [officially] the battery was bad enough. Can you imagine blowing the battery? Not only to pay for the battery [and I'm sure the "Apple Tax"] but to get the laptop serviced just to replace the battery [assuming no other damage] - in comparison to Dell, HP, Toshiba, Lenovo and others which doesn't require s any servicing [assuming nothing else is damaged].

The battery is not easily user replaceable.
Thank you sir! May I have another?

I mean no one knows about the vulnerability....

These boys (not just Apple) keep making the same mistake time and time again.

from the article in Security News Daily...

"Miller found that the Apple batteries had built-in fuses to prevent serious overheating, but there's no guarantee counterfeit batteries would have such safeguards."

and

"...this vulnerability is not confined to Apple laptop batteries."

Seems that Apple did one thing right (fuses) and that other vendors have the same risk of battery "hackage"

Which I assume is a much more difficult task.
Apparently MacOS is just an open book for exploits.

Reminds me of back when we owned a snowmobile/tractor/quad dealership. The keys for all of them were more for show then anything else.
You could start a sled by opening the hood and unplugging the key.
You could start a tractor with a screwdriver in the keyhole (and we usually did, was easier than keeping track of keys)
And you could start a quad by popping off the seat and placing a wrench across the connections.

But it has a key, that must make it secure right?

Or perhaps swapping in an already infected battery.

Something the average user can't do on a MacBook Air
(thanks to Apple's greedy, dictatorial, who-cares-about-the-user design that makes battery replacement a service call)

Assuming of course both system runs the same operating system. Which with windows is probably a safe assumption.

I question why having this chip flashable, just make it ROM only.

Because that small chip has to be intelligent enough to monitor battery cell voltages and temperature and provide appropriate charging on a cell by cell basis. As I said before it's a MCU which is basically a self contained computer (processor, memory and I/O).

Incidentally, it can't be loaded with malware that could cause it to explode.. And i never need to update the firmware. I guess the folks at Timex made the effort to make sure their software doesn't have any bugs...

Can't and won't I'm sure if there were profit in it and your watch was communicative some bright lass or laddie would compromise it!

Even though as you say
"it's a MCU which is basically a self contained computer
(processor,memory and I/O)"
It's firmware i.e. program could still be on a rom preventing malware.
But in today's world of fast to market and fix the bugs as found by the consumer the ability to update is mandatory.
The reason Miller discovered the battery password issue was that he was curious about an Apple update to his battery firmware.
Seems that
"with greater ability comes greater responsibility"

The reason. Because need dictates form and function. A BMS requires updates.

Following your logic you don't need an embedded processor either, but how practical is that based on the need?

So if I stick to only apple batteries, when I'm hacked the fuse will blow. I'll still have have my lap to stick another top in and order a new battery....
Course I won't be able to pay for it as I've no money and a crap credit rating....

A built in fuse during the purposeful hack of a chemical thermal runaway?

It's a battery not some CIA clandestine weapon.
Yes in 2006 there were incidents of fire and exploding but much has changed since then. Like the aviation industry where accidents lead to safety improvements.
Some of the required safety features required in each cell...
shut-down separator (for overtemperature)
tear-away tab (for internal pressure)
vent (pressure relief)
thermal interrupt (overcurrent/overcharging)

On the other hand an actual demonstration of just what modified firmware can do ... Perhaps Miller will do that.

If not, I predict the usual, "this is not a vulnerability, its a feature"
"Your using(or holding) it wrong"
"There is no problem"
"There is no problem (but in a few weeks, send an update to correct this anyways)"

A vulnerability has been discovered in wooden clubs. A malicious hacker could insert it into moist soil, causing it to take root and sprout, rendering the club useless for obtaining food or defending against saber tooth cats.

Users are advised to keep their clubs with them inside their caves at all times.

Nobody is safe anywhere.

With the apple logo carved into them, the rest just snap in half when you try and press them into the ground.

Apple fixes nearly all their vulnerabilities, before exploits show up in the wild.
Microsoft generally reacts after that fact; as, they have too many holes to deal with it any other way.
That's why nearly every major Windows PC has an AV running on it; and, almost no macs do, except in their Windows VM sessions (for Mac folks running windows apps).
Apple will probably have changed the password(s) on the batteries before this hack gets published.

And actualy the key difference is, Microsoft ignores the vulnerabilities until they are serious, Apple pretends they aren't any vulnerabilities and never fixes them until it draws bad media attention.

Oh wait, the two are pretty much the same then, both only fix problems when the media forces them too.

Maddox said it best...
http://www.thebestpageintheuniverse.net/c.cgi?u=macs_cant

Did you used to work at Redmond by any chance?

What does Microsoft have to do with this?

devolve into Microsoft versus Apple by the 25th post.
You know that.

Microsoft has a really solid defense strategy and ecosystem because it has evolved over time. Apple is just crawling out of the primordial soup with respect to security posture.

Don't get me wrong I like Apple products but they could learn some hard fought lessons from Redmond...

The sky is falling!

Is it really the whole sky, or just an apple?

Pie. Can it rain apple crisp ala mode?