Attack of the Apple laptop battery: Vulnerability could be used to install malware

A security researcher has uncovered a potentially serious vulnerability in Apple laptop batteries that could result in altering the firmware, allowing a malicious cracker to plant malware.

The new MacBook Airs have arrived to some rave reviews, but here's a scary thought: a security researcher says that Apple's laptop batteries are vulnerable to potential attacks that could plant malware or even be rigged to damage the laptop. The researcher in question is Charlie Miller, who has won the annual Pwn2Own contest four times with his Mac OS X and iOS exploits, so he knows what he's talking about.

Miller found that Apple gives the same password to the logic chip that allows Apple to send out battery firmware updates. The problem is that this opens the door for malicious crackers who could potentially alter that firmware and do a lot of mischief. Here's the scoop from the Security News Daily:

Miller reverse-engineered the Apple battery firmware ("bricking," or permanently damaging, seven of the $130 batteries in the process) and discovered how to alter it to send false readings to the laptop user, to damage the battery or even to serve as a hidden repository for malware.

"You could put a whole hard drive in, reinstall the software, flash the BIOS and every time it would re-attack and screw you over," Miller told Greenberg. "There would be no way to eradicate or detect it other than removing the battery."

Miller has reportedly notified Apple and plans to present his findings at the upcoming Black Hat security conference in Las Vegas (August 3 - 4, 2011).