Miller, a brand-name hacker who now works as Principal Research Consultant at Accuvant Labs, will use the Black Hat stage to discuss the embedded controller used in Lithium Ion and Lithium Polymer batteries. In his research, he found that the controller is used in a large number of MacBook, MacBook Pro, and MacBook Air laptop computers.
“In this talk, I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware. Being able to control the working smart battery and smart battery host may be enough to cause safety issues, such as overcharging or fire.”
As reported by Andy Greenberg at Forbes.com, Miller found that the batteries’ chips ship with default passwords, so anyone who discovers the password and learns to control the chips’ firmware can potentially hijack them to do anything the hacker wants.