Charlie Miller, the white-hat hacker who Pwn2Own’d the iPhone 4 earlier this year (and 2 years prior), has discovered a vulnerability in the MacBook’s battery that allows it to be completely hijacked. A malicious user could potentially brick the battery or cause it to overheat and explode by disabling the microcontroller that tells the battery when to stop charging.
Access to the battery’s firmware would also enable a hacker to run low-level malware that can’t be removed even after the operating system is wiped.
“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.” says Miller.
Miller plans to disclose the vulnerability and suggest a fix at the Black Hat security conference in August.