Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Laptops Vulnerable To Battery Firmware Hack

Soulskill posted about 3 years ago | from the good-thing-they're-so-easy-to-replace dept.

OS X 272

Trailrunner7 writes "Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple's iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road. Miller discovered the default passwords set on the battery at the factory to change the battery into unsealed mode and developed a method that let him permanently brick the battery as well as read and modify the entire firmware. 'You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though,' Miller said."

cancel ×

272 comments

Sorry! There are no comments related to the filter you selected.

Why? (4, Insightful)

Qwell (684661) | about 3 years ago | (#36851586)

In other news - batteries have firmware.

Re:Why? (0, Troll)

DanTheStone (1212500) | about 3 years ago | (#36851678)

They slowly kill off battery cells, one at a time, until your battery won't last more than a minute. When that happens you'll have to buy a new battery or (as this is Apple, and they're not friendly to battery replacement) a new computer.

Re:Why? (1)

Anonymous Coward | about 3 years ago | (#36851776)

The batteries are replaceable. They just require a screw driver.

Re:Why? (1)

EkriirkE (1075937) | about 3 years ago | (#36852024)

The firmware, however, still thinks the cells are dead and reports so to the charger/OS.

Re:Why? (1)

Anonymous Coward | about 3 years ago | (#36852086)

The firmware is in the battery. When you replace the battery you replace the firmware.

Re:Why? (1)

EkriirkE (1075937) | about 3 years ago | (#36852510)

Sorry, I had it in my head the comment meant replacing the cells in the battery pack. Which is what I usually do with other devices as its much cheaper. Disregard.

Re:Why? (0)

Anonymous Coward | about 3 years ago | (#36852472)

Did you even read the summary? He's modifying the firmware of the battery itself. Ergo, changing the battery fixes the problem.

Re:Why? (-1)

Anonymous Coward | about 3 years ago | (#36852092)

Why indeed? There really is no good reason.

To control charging? No, that should be the charger in the laptop.
To manage diagnostics? No, that should be handled by discreet test kit.
To systematically deplete the battery in order to ensure sales? That could more easily and cheaply be accomplished with lower quality cells.
To negotiate with the laptop in order to verify authenticity, thus preventing you from buying anyone else's battery? Well, now you're on to something. Unsurprisingly, this is already done with iPod chargers.

There is no non-predatory reason for battery firmware. But, when they really get pressed, I'm sure they'll say that they are protecting the children from the evil "exploding" after market batteries.

Re:Why? (3, Insightful)

jo_ham (604554) | about 3 years ago | (#36852192)

You got it right the first time - to control the charging process. That is the "non predatory" reason that lithium ion batteries have chips in them, and it is *absolutely* not unique to Apple.

Don't let facts get in the way of a good Apple bash though!

Re:Why? (1)

Elbart (1233584) | about 3 years ago | (#36852302)

Well, just with the difference that Apple apparently wants their batteries (resp. its microcontroller) to be updateable.

Re:Why? (1)

z00Azz (807940) | about 3 years ago | (#36852382)

To control charging, to report diagnostic info like the number of charge-discharge cycles and the full charge capacity. It also stores info, like the battery S/N, date of manufacture, etc. If you put this fuel gauge(evil chip) somewhere else, like in the notebook, it wouldn't be able to differentiate between two different batteries.

Re:Why? (5, Informative)

CFD339 (795926) | about 3 years ago | (#36852106)

Lithium Ion batteries are inherently unstable and have to be charged and discharged very carefully. Unlike the old school batteries you'd think of, these batteries have a controller to manage them built in. When that fails, you have big problems (remember the defective ones a few years ago that would just burst into flames?)

Re:Why? (-1)

Anonymous Coward | about 3 years ago | (#36852342)

This does not explain why it needs firmware.

Re:Why? (1)

bsharp8256 (1372285) | about 3 years ago | (#36852490)

Lithium Ion batteries are inherently unstable and have to be charged and discharged very carefully. Unlike the old school batteries you'd think of, these batteries have a controller to manage them built in.

Sounds like an explanation to me.

Re:Why? (2, Interesting)

joocemann (1273720) | about 3 years ago | (#36852122)

In other news - batteries have firmware.

WHY!!?!?! I echo your sentiment because this is ridiculous.

1) Why would a device whose purpose is to provide electrical supply have to have firmware, or even some other-than-electrical relationship with the system.
2) Why would someone permit any communication from the 'firmw'a....

you know.. I could count out the reasons but its just too frustrating to conceive the stupidity in Apple's choices here.

THE REASON VULNERABILITIES ARE FOUND/EXPLOITED IS BECAUSE ENGINEERS/DEVELOPERS PERMIT THEM BY POOR DESIGN.

If the target pathway of the attack was not open or existent, it could not occur. This is the absolute logic of the situation. In nearly all cases, if there is no backdoor you cannot open it. The people making software and hardware need to be thinking about how to achieve goals without opening doors. They should be considering the involvement of absolute hardware protection on the PHYSICAL level, possibly even involving analog technology, that mediates security. I know a bunch of shortsighted CS people will reply with their lack of brainstorming answers, telling me its not possible... The winner being the one who can make it possible.

Re:Why? (0)

Anonymous Coward | about 3 years ago | (#36852264)

Batteries have firmware in order to track the current charge level and total remaining battery capacity. The firmware keeps track of the fact that your 5500 battery can only charge up to 3800, which in turn allows your OS to adjust its battery capacity measurements to display 3800 as 100%. Never seen Windows or Linux throw up warnings about your battery needing replacement?

Re:Why? (0)

Anonymous Coward | about 3 years ago | (#36852336)

1) Why would a device whose purpose is to provide electrical supply have to have firmware, or even some other-than-electrical relationship with the system.

Because Lithium Ion batteries are dangerous and require circuity and logic to make sure that they charge properly. Also this logic provides services for things reporting the charge level and charging time. Also allows the battery to keep track of charge cycles and can inform the OS when a battery needs replacement.

2) Why would someone permit any communication from the 'firmw'a....

To allow the firmware to be updated allowing enhancements and fixing bugs.

Re:Why? (1)

ColdWetDog (752185) | about 3 years ago | (#36852360)

1) Why would a device whose purpose is to provide electrical supply have to have firmware, or even some other-than-electrical relationship with the system.
2) Why would someone permit any communication from the 'firmw'a....

Let's see - so the user could have some idea what the battery charge was? So the user could have some idea what the 'health' of the battery is?

And notice that Charlie Miller (the hacker) could NOT figure out how to control the computer from the battery. It's possible that with more work he could, but that remains to be seen. Security is ALWAYS a tradeoff between useability. If you're so paranoid, unhook the battery, and run it off the wall wart.

And loosen the straps on the hat. The tinfoil is eating into your brain.

Re:Why? (0)

Anonymous Coward | about 3 years ago | (#36852420)

The most secure computer is one that's in a sealed room within a faraday cage and with not even a single cable going in or out. It also happens to be the most useless computer. Whenever you require interaction, you need communication, and it means you will need some channel to transmit the required information. We don't know of any single method to make this interaction 100% secure, we only make it as hard as possible within some practical limits... at least we intend to, with different degrees of success. (no I'm not from apple, but I am a software engineer)

Re:Why? (1)

Threni (635302) | about 3 years ago | (#36852534)

Main reason is we're not all as smart as you. Also we don't have infinite budgets, time restraints or an ability to see into the future - all things you manifestly possess.

Re:Why? (1)

rednip (186217) | about 3 years ago | (#36852548)

It's not like it's a router with a default password, it's a battery wired into the laptop. The fact that it even has a username and password is likely only an unneeded part of the stable code the firmware is based on. Would you expect that every laptop would be shipped with a different default password for it's BATTERY?

Why would a device whose purpose is to provide electrical supply have to have firmware

Now you're just trying to re-engineer the battery, what would make you think that you can? While it might seem to be a requirement, simply having a snarky know-it-all attitude doesn't quite make one an engineer.

Re:Why? (1)

yakatz (1176317) | about 3 years ago | (#36852284)

Firmware [wikipedia.org] in [sbs-forum.org] a [batteryuniversity.com] battery [buchmann.ca]
Smart batteries are used by Apple [apple.com] , Lenovo [lenovo.com] , HP/Compaq [hp.com] , and other companies.

Re:Why? (2)

TheGratefulNet (143330) | about 3 years ago | (#36852474)

hey, I just 'flashed' my battery.

is that good or bad?

and, if I crossflash to another model, can I overclock its volts?

This is kinda weak without a patch.. (1)

synthesizerpatel (1210598) | about 3 years ago | (#36851602)

So, kudos for looking at the patches and finding the password, but without providing a tool to set the password to something else this is just kinda weak. 'Hai guys, I rooted your battery and you can't do anything about it!'. Clever but not helpful.

Yes, it is helpful: it lets you exchange cells (1)

Anonymous Coward | about 3 years ago | (#36851694)

This IS important in good and bad ways. Since you have the password to the SBS pack microcontroller, you can change the cells and reset the counters.

This both enables people to refurbish packs (which has its consequences, since untracked Li-Ion cells can be *dangerous*), and to sell counterfeit packs (which is even worse).

Re:Yes, it is helpful: it lets you exchange cells (0)

Anonymous Coward | about 3 years ago | (#36852272)

Or you could just buy the chips new they are commonly available.

Re:Yes, it is helpful: it lets you exchange cells (2)

Toonol (1057698) | about 3 years ago | (#36852368)

This both enables people to refurbish packs (which has its consequences, since untracked Li-Ion cells can be *dangerous*), and to sell counterfeit packs (which is even worse).

On the plus side, it might allow refurbished packs and cheap offbrand replacements.

Re:This is kinda weak without a patch.. (0)

Anonymous Coward | about 3 years ago | (#36851908)

So, kudos for RTFA.

Miller plans to release a tool at Black Hat that will go in and change the defualt passwords on the battery's processor so that the hacks he developed won't work. It will lock the battery in sealed mode permanently

Vulnerabilities (0)

Anonymous Coward | about 3 years ago | (#36851610)

It mentions a required vulnerability to make use of in-OS. Would it perhaps be possible though to fetch for such software from the outside?

Re:Vulnerabilities (2)

YodasEvilTwin (2014446) | about 3 years ago | (#36851928)

No it doesn't. He grabbed the passwords from updates and now has access, no vulnerabilities required.

This why you NEED battry packs that can b REMOVEed (0, Troll)

Joe_Dragon (2206452) | about 3 years ago | (#36851658)

This why you NEED battry packs that can be Removed from the systems.

Windows PHONE has this. and there are people who may need the battery life that you can only get from swapping battery's.

Re:This why you NEED battry packs that can b REMOV (-1)

Anonymous Coward | about 3 years ago | (#36851692)

This why you NEED battry packs that can be Removed from the systems.

Windows PHONE has this. and there are people who may need the battery life that you can only get from swapping battery's.

But windows phone doesn't have spell check or working shift key. I'll pass.

Re:This why you NEED battry packs that can b REMOV (1)

WrongSizeGlass (838941) | about 3 years ago | (#36852052)

But windows phone doesn't have spell check or working shift key.

Maybe you could hack the Win Phone's battery to install a spellchecker and a shift key.

Re:This why you NEED battry packs that can b REMOV (2)

Oh Gawwd Peak Oil (1000227) | about 3 years ago | (#36851712)

The article and Slashdot summary are about laptops, not iPhones or iPods. It is extremely easy to replace a battery on an Apple laptop. Just as easy as it is on other brands of laptop.

Re:This why you NEED battry packs that can b REMOV (1)

ioErr (691174) | about 3 years ago | (#36851764)

The battery on my MBP is built-in. I'd expect most other brands to allow you to replace the battery without resorting to screwdrivers.

Re:This why you NEED battry packs that can b REMOV (0)

Anonymous Coward | about 3 years ago | (#36851930)

OMG! Don't make me RESORT to actually using a household tool!!!!!

Re:This why you NEED battry packs that can b REMOV (1)

YodasEvilTwin (2014446) | about 3 years ago | (#36851950)

Opening a laptop case normally voids the warranty.

Re:This why you NEED battry packs that can b REMOV (1)

SuricouRaven (1897204) | about 3 years ago | (#36852454)

IIRC, it's not a household screwdriver. It's a tamperproof screwdriver, which is officially sold only to approved companies who use the tamperproof screws in their products. Not that this stops you buying one on ebay... there is always a grey market for something like that.

Re:This why you NEED battry packs that can b REMOV (1)

ColdWetDog (752185) | about 3 years ago | (#36852398)

The battery on my MBP is built-in. I'd expect most other brands to allow you to replace the battery without resorting to screwdrivers.

Screwdrivers are scary to you or something? I pulled the back off of my new MBP - took all of 5 minutes. Now, if you're one of those relatively few people that swaps out batteries to keep working, then a new MacBook isn't your best choice. You only have a couple of hundred others. For the rest of us, replacing a used up battery every three years (and cleaning out the fans) isn't such a hardship.

Re:This why you NEED battry packs that can b REMOV (2)

Oh Gawwd Peak Oil (1000227) | about 3 years ago | (#36851768)

Oh . . . sorry, I checked and some newer models are not easy to be replaced. They require factory replacement. My MacBook Pro, which is a few years old, has a battery that is extremely easy to pop out, but unfortunately it seems like that's not the case with more recent models.

Re:This why you NEED battry packs that can b REMOV (1)

ChristopherBurg (1840388) | about 3 years ago | (#36851874)

It's actually not that terribly difficult to replace [ifixit.com] the "non-replaceable" batteries in the unibody MacBook Pros.

Re:This why you NEED battry packs that can b REMOV (1)

neongrau (1032968) | about 3 years ago | (#36851714)

so you can have more than one battery bricked?

Re:This why you NEED battry packs that can b REMOV (1)

joocemann (1273720) | about 3 years ago | (#36852186)

Let me point out the obvious.

*so you can have a working battery again*

Re:This why you NEED battry packs that can b REMOV (1)

ego centrik (1971902) | about 3 years ago | (#36851800)

Windows PHONE has a battery? Wherefore?

Re:This why you NEED battry packs that can b REMOV (0)

Anonymous Coward | about 3 years ago | (#36852110)

The registry. Experience has taught me that everything in Windows is somewhere in the registry.

Re:This why you NEED battry packs that can b REMOV (0)

joocemann (1273720) | about 3 years ago | (#36852164)

I can't believe you were modded 'troll'.

Ridiculous fanboys are without logic, dignity, or even common sense. You would think they would want an improved product, but that is not what fanaticism is about, I suppose.

Re:This why you NEED battry packs that can b REMOV (1)

mschiller (764721) | about 3 years ago | (#36852206)

Actually this may not be a vulnerability in units without a removeable battery. When a Lithium Ion [or polymer] battery is removable manufactures install microcontrollers with firmware to orchestrate the safety system and do battery life management. This firmware is often provided by the pack subcontractor rather then written by the larger system manufacturer...

The pack has firmware for two reasons:

1) There is a variety of failure mechanisms that can cause fire and explosion with Lithium Ion batteries. When the uC detects one of these is occurring the battery is either temporarily or permanently placed in "Safe" mode. This disconnects the battery from it's terminals. Since on units with removable batteries these conditions can occur outside of the unit, these important safety functions must be built into the battery. Your typical Cell phone battery has three or more terminals for these functions [even though only 2 terminals is needed to charge/discharge the battery]
===> Another safety concern is "fake" batteries which often don't have these safety features, so often the uC authenticates itself to the Laptop before it can be used. This protects from counterfeits and also makes the laptop manufacturer money on replacement batteries.....

2) Charge Cycles and battery capacity information is also stored and calculated. This information is provided to the higher level system, when the battery is inserted. This is important so your Laptop can guess (relatively accurately) how much time is left even after you change the battery to a possibly degraded or partially charged spare. [Current monitors detect how much power goes into the battery and how much is removed. Based on historical information from previous charge/discharge cycles a good guess on the remaining capacity can be made]

Things are different however in units with a non-user serviceable battery. A lot of the safety concerns can be explained away and not protected against, since the battery is in a more protected position (this all comes down to lawsuits, if you can say the user tampered with the unit and prove it then the company is off the hook...). So often they will have a "dumb" charger connected to the battery with most of the safety functions removed. A special purpose capacity monitor chip (without firmware) can be used for the power monitoring feature. Thus in a lot of systems you don't need the uC (and thus the firmware) at all, if you assume the battery can't be tampered with...

PSP Pandora Battery (2)

MBCook (132727) | about 3 years ago | (#36851680)

Isn't this sort of like how the Pandora Batteries worked on the PSP? I think they enabled a diagnostic mode as opposed to a direct hack, but the battery being used to corrupt the system thing isn't totally new.

On the plus side, the hard to replace batteries people complain about make this attack more difficult to perform, instead of just taking a few seconds.

Re:PSP Pandora Battery (2)

Anarchduke (1551707) | about 3 years ago | (#36851744)

Thats a minus, not a plus. A hard to replace battery isn't any harder to hack, its just harder to fix.

Re:PSP Pandora Battery (1)

gl4ss (559668) | about 3 years ago | (#36852032)

Thats a minus, not a plus. A hard to replace battery isn't any harder to hack, its just harder to fix.

he was thinking of using it to hack a laptop you've gained access to.

No worries here (5, Funny)

JoeWalsh (32530) | about 3 years ago | (#36851684)

I don't have to worry about that. Not only am I using a Dell, but my battery exploded.

Re:No worries here (0)

Anonymous Coward | about 3 years ago | (#36851726)

I wish I could be poor enough to upgrade from my Mac to a Dell and have 'enhanced' security like you.

Re:No worries here (1)

_xeno_ (155264) | about 3 years ago | (#36852002)

Not only am I using a Dell, but my battery exploded.

Don't worry, Apple laptop batteries do that too.

I'm already on my second Apple laptop battery after the first one bulged to the point it no longer fit within the laptop case. Thankfully I'm using the "old" MacBook: the one where you can replace the battery and hard drive on it, both things you can't do with the new ones.

Which makes me think that somehow I might be staying away from the new "sealed" MacBooks with the unreplaceable batteries, especially because searching for "bulging battery" [google.com] brings up nothing but horror stories about Apple batteries. Apparently they've had this problem for over five years and have never bothered fixing it.

Re:No worries here (3, Informative)

jittles (1613415) | about 3 years ago | (#36852162)

Actually, it's not terribly hard to remove the batteries on the 2011 Macbook pros. Not something you could do easily on a plane, or in the car, but you can definitely do so with just two screwdrivers. Or one screwdriver with a replaceable bit.

Re:No worries here (1)

joocemann (1273720) | about 3 years ago | (#36852204)

You'd better be careful with all those facts. Slashdot mods might mod you 'troll'.

Physical access? (1)

AK Dave (1459433) | about 3 years ago | (#36851700)

Doesn't this exploit require physical access to the actual battery?

On top of that, according to the actual article, any potential malware installed on the battery itself would then need a separate vulnerability in the OS itself in order to do anything. In other words, malware on the battery isn't going to exploit the OS by itself. It isn't going to hijack the bootloader.

But it all goes back to the original problem: the bad guy has to gain physical access to your battery. Which means getting hold of the Macbook, tearing it down, and then what the heck just installing some code on the battery?

Somehow, I'm really not threatened by this.

Re:Physical access? (3, Interesting)

SomePgmr (2021234) | about 3 years ago | (#36851870)

I only skimmed it, but it doesn't seem to say if he needed physical access to the battery to do this. Obviously the two must communicate (on-battery and OS), but it doesn't say if access was achieved on an in-use battery from the host machine.

Obviously this is important, because it changes the attack vector significantly. There's a big difference between being vulnerable to the battery manufacturer or if a random infection could push code to the battery (or even brick it).

Re:Physical access? (2, Insightful)

Hognoxious (631665) | about 3 years ago | (#36851882)

Doesn't this exploit require physical access to the actual battery?

I'm not worried, mine has never been anywhere near a Chinaman.

Re:Physical access? (0)

Anonymous Coward | about 3 years ago | (#36852526)

You mean after it was assembled?

OSX is the least secure OS in mainstream use (-1, Troll)

drsmack1 (698392) | about 3 years ago | (#36851746)

To argue anything different would be to argue that Bakersfield, CA is more secure than NYC because they have had no terrorists crash their planes into buildings there.

Linux is a fortress with only occasional breaches, Windows looks bad in comparison only because it is a user OS and is under an unrelenting attack.

To all the apple guys out there who tell people that macs are inherently more secure than PCs - shame on you. And if you are a mac user who takes exception to that last sentence, be a flagrant non-conformist and re-read it before you hit the reply button.

Frothing anger whilst you type some variation of "I never do that, how dare you flame ALL mac users" makes you look like a entirely different type of fool than the ones described.

That is all.

Re:OSX is the least secure OS in mainstream use (1)

Anonymous Coward | about 3 years ago | (#36851852)

LOL, Linux is hardly a fortress. Like Windows, it is as secure as you have it configured. Windows can be configured into a fortress, but is usually not by default. I don't think every Linux distribution is configured to be a fortress by default. But how can I know? The entire Linux distribution space is fragmented beyond any sort of standard.

I do agree that OSX is the least secure OS, though.

Re:OSX is the least secure OS in mainstream use (0)

Anonymous Coward | about 3 years ago | (#36852006)

The only way Windows can be configured into a Fortress is keeping it in the shrink-wrap. :) It's funny... laugh.

Re:OSX is the least secure OS in mainstream use (1)

maxwell demon (590494) | about 3 years ago | (#36852214)

The only way Windows can be configured into a Fortress is keeping it in the shrink-wrap. :) It's funny... laugh.

Windows kept in the shrink-wrap is easily hacked. All you need is an ordinary axe.

Re:OSX is the least secure OS in mainstream use (0)

Anonymous Coward | about 3 years ago | (#36852170)

I agree that many Linux Distributions are not necessarily more secure than Windows in their default configuration, though there are many things you can do to make Linux more of a fortress which you can't do on Windows. Examples are proper Mandatory Access Control, ASLR for every process, ... and since you have the source code of the entire OS, you can compile every program with protections (for example stack cookies).

Re:OSX is the least secure OS in mainstream use (1)

SuricouRaven (1897204) | about 3 years ago | (#36852506)

Windows server is configured to be secure by default. The other versions are certainly not. There is always a tradeoff between security and convenience for the user. MS sides with security on the server default, and convenience on the non-server default. This can be seen in hundreds of tiny little decisions.

To name just one random example, Windows Media Player can run scripts embedded in WMA/WMV/ASF files, and does by default - a feature intended to allow for DRMed files to fetch licence information from a website, but in practice used mostly by p2p-propagated viruses and malware. On the non-server versions of windows, playing a .mp3 file (As WMP doesn't go by extension to identify file type) can easily be enough to pick up something nasty. On server? Media player isn't even installed. Nor, for that matter, is the service for audio enabled by default.

Re:OSX is the least secure OS in mainstream use (1)

burris (122191) | about 3 years ago | (#36852062)

It would be a real shame if there was a major malware attack on OSX and Apple was forced to flip the switch to make OSX refuse to run code that isn't signed by Apple. That kind of stuff must keep people in Cupertino awake at night.

Re:OSX is the least secure OS in mainstream use (0)

Anonymous Coward | about 3 years ago | (#36852096)

Good try troll, good try.

Re:OSX is the least secure OS in mainstream use (4, Informative)

makubesu (1910402) | about 3 years ago | (#36852114)

If I install windows or some linux flavor on my mac, it doesn't mean this vulnerability goes away. It's a hardware problem, hardware made by someone besides apple. I'm not sure what this has to do with which operating system is most secure.

Re:OSX is the least secure OS in mainstream use (0)

drsmack1 (698392) | about 3 years ago | (#36852326)

It's hard to separate the OS from the platform when it comes to Apple. I'm reasonably sure that my Compaq laptop battery does not have firmware that is accessible by malicious code. Reasonably. :)

Re:OSX is the least secure OS in mainstream use (1, Redundant)

jo_ham (604554) | about 3 years ago | (#36852234)

Cool story bro.

Re:OSX is the least secure OS in mainstream use (0)

drsmack1 (698392) | about 3 years ago | (#36852288)

I'm guessing you hit reply before you engaged the reading comprehension engine in your head. Still felt the need to say something so that your effort was not wasted I see. Sort of sad really.

Re:OSX is the least secure OS in mainstream use (1)

jo_ham (604554) | about 3 years ago | (#36852388)

No, I just posted something of equal value to your post. You certainly aren't interested in discussion but it's clear you wanted some interaction.

Re:OSX is the least secure OS in mainstream use (1)

drsmack1 (698392) | about 3 years ago | (#36852476)

You must be judging my interest in discussion from some other post; there was nothing to discuss in yours. It would be disingenuous for you to argue differently. If you have an opposing argument I would be happy to consider it.

You may be suffering under a misconception though; I work on a lot of different platforms. Each has it's merits. The closest thing to being a fanboy that I ever exhibit would be for the music of ELO.

See:
http://www.rantsandpranks.com/2010/09/genocidal-hp-tech-support.html [rantsandpranks.com]
http://www.rantsandpranks.com/2010/09/i-attack-country-of-norway-and-win.html [rantsandpranks.com]
http://www.rantsandpranks.com/2010/11/joes-wife-got-rooted.html [rantsandpranks.com]

Re:OSX is the least secure OS in mainstream use (1)

jo_ham (604554) | about 3 years ago | (#36852588)

No, you really aren't interested in discussion:

To argue anything different would be to argue that Bakersfield, CA is more secure than NYC because they have had no terrorists crash their planes into buildings there.

So, your position is that your opinion is fact, and no amount of arguing will change that.

To all the apple guys out there who tell people that macs are inherently more secure than PCs - shame on you. And if you are a mac user who takes exception to that last sentence, be a flagrant non-conformist and re-read it before you hit the reply button.

Frothing anger whilst you type some variation of "I never do that, how dare you flame ALL mac users" makes you look like a entirely different type of fool than the ones described.

Again, your position here is a pre-emptive ad hominem. You're clearly not interested in discussion, you just wanted to flame Apple.

You cannot start from the position of "I am right, and if you try to say I'm not, you're a clueless fanboy who should be ashamed of holding a different opinion to me" and expect to be taken seriously.

Offtopic (1)

WD (96061) | about 3 years ago | (#36852328)

This issue has absolutely nothing to do with OSX.

Re:Offtopic (1)

drsmack1 (698392) | about 3 years ago | (#36852522)

Certainly it does - it points out the fact that OSX provides unfettered access to the battery firmware. The idea that battery firmware even *needs* a password is a little frightening.

Lets make a bet. I wager 100 quatloos that if Apple issues a fix, it will be to the OS and not the battery firmware.

Please reply, it would be cowardly not to.

Re:OSX is the least secure OS in mainstream use (0)

Anonymous Coward | about 3 years ago | (#36852334)

I'm cutting you off, you've had plenty of Kool Aid.

Re:OSX is the least secure OS in mainstream use (1)

Anubis IV (1279820) | about 3 years ago | (#36852504)

I could write all about over generalizations and bad metaphors, but I'll avoid that, since your comment does a good enough job of demonstrating your hyperbole and rhetoric without me having to add my thoughts. Instead, I'll link to someone who disagrees with you and cites experts who disagree with you.

http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/ [theregister.co.uk]

Now, I don't know enough about all of the Lion security upgrades to say that I necessarily agree with the article's claims that Lion is as secure as a mythical Windows 7++ or is the most secure OS out there, but to suggest that it's the least secure OS is insincere and illogical for you to have said, and deserves reexamination. You cite Linux as a fortress, but then provide no reasoning other than occasional breaches, which applies equally well to Macs, meaning that the number of breaches isn't the distinguishing feature between secure and insecure for you. If you want to suggest that Macs get by only thanks to security through obscurity, the same could be said of Linux, which enjoys even more obscurity, so calling one a fortress and the other the least secure wouldn't make sense if that were your criterion either. That only leaves the inherent design of the OS itself, but many of the security checkboxes that Windows and Mac OS have been ticking off these last few years are not present by default in the most popular Linux distros (e.g. ASLR isn't in the normal Gentoo distro). I can't find any logic in your comment that would justify calling Mac OS the least secure while referring to Linux as a fortress, which isn't to say that you're necessarily incorrect, just that your stated reasoning is flawed.

Also, I think you've forgotten an important distinction. I've always made an effort to educate people on the difference between security and safety when determining risks involved. A house with bars on the windows and locks on the doors is secure, but if it's in a high-crime area, it's not safe. Conversely, a house lacking bars and locks is insecure, but if it's in an area with no crime, it's still safe. Regardless of your thoughts on Mac security, Macs have enjoyed a great deal of safety in recent years, and safety really is the more important metric, since it talks about reality as opposed to mere possibilities.

Now, that's not to say that security should be ignored. Far from it, in fact, and I want to make that perfectly clear, since the potential does indeed exist for massive damage to be done in an insecure area even if it was previously safe. But the pendulum swings the other way too, and people who repeatedly decry something that is safe for reasons that fail to come to fruition are just made to look the fool. That Apple has improved the security in Mac OS significantly in the last few years should further allay any of those concerns.

Write protect required (1)

DeHackEd (159723) | about 3 years ago | (#36851762)

I would argue that everything with writable firmware should have some kind of jumper on it (default: on) to write protect the firmware. Thus you can only patch firmware by inserting a jumper on the right pins.

Still, anyone should think twice before being told "short these contacts on your battery in order to enable firmware updates."

Re:Write protect required (1)

Lokitoth (1069508) | about 3 years ago | (#36852572)

Unless you go with "You need to update the firmware," *DUMMY MODE ON* "so please bridge these two contacts with the jumper by opening up the case and moving that little thing over to the right one slot."

Sex wit4 fa nigga (-1)

Anonymous Coward | about 3 years ago | (#36851810)

And exciting; win out; either the bEtween each BSD

Firmware should have a write-enable switch (5, Insightful)

davidwr (791652) | about 3 years ago | (#36851812)

This is just one more reason why software that's not designed to be frequently changed should be write-protected unless the user sets a specific hardware switch.

If the hardware switch is in its default location - "protect" - it should be mathematically provable that the firmware cannot be overwritten.

Re:Firmware should have a write-enable switch (1)

gmuslera (3436) | about 3 years ago | (#36852036)

Writable firmware/BIOS, can turn vulnerabilities into nightmares [serverwatch.com] . You don't have to write complex replacement firmware, just be able to write garbage there and turn millons of computers,cellphones network/gfx cards and so on into paperweights.

Firmware should also have an "unbrick" mode (1)

davidwr (791652) | about 3 years ago | (#36852386)

Every computer or computer-like device that isn't so cheap that you can just throw it away should have a "factory reset" procedure that doesn't require a lot of technical skill, but which does require physical access.

Here's how it might work on a typical PC with write-able BIOS:

BIOS has 3 or 4 sets of code:
* Mini-bootstrap, which is read-only.
* Rescue code, which is read-only.
* Active boot BIOS, which is read-only except when either the "flash bios" or the "rescue me" jumper or switch is turned on.
* [optional] Copy of those parts of the BIOS needed after boot loaded into temporary memory by the OS

Normal boot sequence is
Mini-bootstrap -> Active boot BIOS -> whatever the boot BIOS loads next.

The purpose of the Mini-bootstrap is to validate the Active boot BIOS and only allow booting to continue if the Active boot BIOS passes an integrity check OR the "validation bypass" switch or jumper, if any, is on. Apple and other locked-device manufacturers will not have this jumper.

When the "rescue me" jumper or switch is on, the boot sequence becomes
Mini-bootstrap - > Rescue code

The rescue code's only job is to validate and copy replacement BIOS code from a defined location, such as the first USB port that has something plugged into it that passes the validation check (or the first USB port, if the "validation bypass" jumper or switch is set), over the existing Active boot BIOS and zero out any remaining bits.

The mini-bootstrap and rescue code and the hardware needed to run them should be simple enough that you are extremely highly confident they are free of bugs that keep them from doing their jobs.

The "normal" BIOS-flash routine would be as it is today, which on most computers is done either within the BIOS user interface or through the operating system's user interface.

By the way, I am very aware that most validation techniques can be defeated with enough time and effort, so this technique will only keep a device "locked" but at the same time "rescue-able" if the validation technique's secrets are kept secret until the device is considered obsolete. In other words, 2-5 years for many devices, a bit longer for home computers.

requires root? (1)

v1 (525388) | about 3 years ago | (#36851900)

Most firmware flashing requires the root password to perform, so I'm assuming that unless you're talking about removing the battery from the computer. So at least authentication is required for this, which lessens the threat considerably.

However, this is a very interesting angle. I can somewhat see where there's a password required for access, but it's more to keep the battery secure than the computer. Or possibly to prevent cycle-count tampering to get around warranty claims on consumed batteries that are still in warranty by calendar days.

So any bets how many days it takes Apple to push a security update that changes the password on any battery it sees? I can't imagine them letting this stand, and the password (on the battery end) is almost certainly in the firmware, so it should be changeable.

Re:requires root? (1)

chemosh6969 (632048) | about 3 years ago | (#36852066)

SOP for Apple is to not acknowledge the problem. As we all know, pretending a problem doesn't exist, makes it go away. Eventually enough people complain and force Apple to acknowledge. Their acknowledgement will be to deny it's a problem and possibly say some other company has the same issue. A few weeks after that, Apple will release a patch to fix this nonexistent problem. Don't forget that Apple laptops aren't built to be able to run at full speed without a working battery and in fact only run a little above half speed. If you macbook starts running slow and you thought you had a working battery, you might have a problem.

Re:requires root? (1)

v1 (525388) | about 3 years ago | (#36852184)

SOP for Apple is to not acknowledge the problem.

Until they patch it, yes. That itself is SOP industry-wide. It only attracts criticism when they drag their feet patching it, which Apple isn't known for.

You might want to read up on Apple Security [apple.com]

Re:requires root? (1)

grimmjeeper (2301232) | about 3 years ago | (#36852100)

Most firmware flashing requires the root password to perform, so I'm assuming that unless you're talking about removing the battery from the computer. So at least authentication is required for this, which lessens the threat considerably.

Right. Because a virus would never give itself root access...

Re:requires root? (0)

Anonymous Coward | about 3 years ago | (#36852274)

Which requires root which the virus would give it'self root which requires root.....

This simply means that the virus would have to be two fold, break the os security and break this security issue. If the virus has root access, well, your already screwed. This attack merely makes it much much harder to remove the virus AFTER the damage.

Upgradable firmware is upgradable... (1)

bledri (1283728) | about 3 years ago | (#36851980)

News at 11.

Re:Upgradable firmware is upgradable... (1)

gl4ss (559668) | about 3 years ago | (#36852080)

in the modern world, that actually is news. I got plenty of devices with non upgradeable firmware(though the company that sold 'em originally could update)

Ah Apple... (0)

Anonymous Coward | about 3 years ago | (#36852026)

That bastion of security. LOL

FYI, they have more vulnerabilities than WIndows.

macs/apples are pieces of shit (0)

Steevee (75886) | about 3 years ago | (#36852048)

why people use apples and macs is completely beyond me. they're total junk. i'm forced to use one (macbook 'pro') where i work and i hate it. applications constantly crash, i can out type any application on the thing, the network constantly disconnects, i have to restart it several times a day...my 7 year old pc at home is faster.

these things are a total joke.

Re:macs/apples are pieces of shit (0)

armanox (826486) | about 3 years ago | (#36852238)

I can say the same thing about Windows 7 on an i5 Lenovo compared to my Macbook Pro 1,1. Well, the networking works on the Lenovo, but other then that...

Re:macs/apples are pieces of shit (0)

jo_ham (604554) | about 3 years ago | (#36852256)

Cool story bro.

I almost believed it.

Re:macs/apples are pieces of shit (1)

Freultwah (739055) | about 3 years ago | (#36852356)

They employ 13-year-olds now?

Lulz (2)

ae1294 (1547521) | about 3 years ago | (#36852188)

So does anyone know if the firmware can be upgraded to cause the battery to burst into fames? That would be funny and probably not covered by the apple warranty.

Re:Lulz (1)

markjhood2003 (779923) | about 3 years ago | (#36852564)

FTA:

"I started out thinking I wanted to see if a bad guy could make your laptop blow up. But that didn't happen," he said. "There are all kinds of things engineers build into these batteries to make them safe, and this is just one of them. I don't know if you could really melt the thing down."

Begging the question... (0)

Anonymous Coward | about 3 years ago | (#36852468)

Can the battery be programmed to explode ?

the concept of 'device management' (1)

TheGratefulNet (143330) | about 3 years ago | (#36852568)

I used to work on 'network management' and the NMS systems would drill down and do queries on the equipment in the rack. equipment usually would support an 'environmental' data set that includes dynamic info (volts, current, fan-flow, temperature) but also static info (serial #, vendor #, batch #, pcb version, firmware version). its useful to have that.

I learned from experience that the closer to the device this info lives, the better. there can be multiple NMSs that walk the network or poll devices. if the info is stored 'in the cloud' (barf..) then all the NMSs have to replicate and share that info. otoh, when you keep the info on the device, any NMS can get at the info and the info is more 'definitive' (the closer you are, the more you 'own' that info that describes you).

connect this to batteries. these are devices that could benefit from unique-id's. if the battery is removed from one of your laptops and used in another, the charging history, last charge timestamp - all that would be *on* the battery and the local o/s could use it or the local charging station could use it. it 'belongs' more on the device than on some remote system. this is one reason to have a chip 'in there'.

the down side is that many (most?) 'chipped batteries' exist to lock you OUT of doing things you want, like finding a 2nd or 3rd source for the battery. panasonic was a good example: they once were open and while not officially endorsed, you could find $5 ebay cheap knockoffs instead of the $50 vendor rechargeable. well, the good times ended and they 'pulled a sony' and now pany batteries are chipped. 'for your protection' but they are authentication chipped for vendor lock-in (or lock-out, depending on POV).

there's good and bad. the 'remote element mangement' engineer in me likes having the info really on the device. but the authentication 'chipping' of batteries sickens me to no end.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>