Forget computer viruses and worms. What’s maybe the worst thing a hacker could do to your laptop? Access it remotely and shut it down — or maybe even blow it up.
Which is why famous Apple hacker Charlie Miller wanted to do just that.
“I don’t want to wake up one day and have my computer blow up,” said Miller, who is an avid user of Apple products. “I want to be the one looking at that — not the bad guys.”
How would a person blow up a laptop without even coming near it? By tampering with the software that runs its battery, said Miller, who demonstrated a way to hack into an Apple laptop battery and shut it down, but fell short of actually making it explode.
Apple did not respond to a CNN request for comment.
Miller explained his hack in a presentation at the Black Hat security conference Thursday in Las Vegas. After the talk, he sat down with CNN to talk about Apple security, hacker ethics and why long passwords can be annoying.
The following is an edited transcript:
CNN: Tell me what you were able to do with Apple’s laptop batteries.
It’s sort of complicated, but the way batteries get charged in your laptop is there’s a little chip in your battery and the computer talks to that chip to figure out what’s going on. That chip will tell it how much charge it has, how much charge it needs, how much charge it should give it — that sort of thing. What I figured out was how to change the software that runs on that chip.
When it comes from the factory, they don’t want you messing with it, so they set up passwords and stuff to prevent you from doing that. There’s two passwords, actually, and Apple didn’t change those, so you can just find documents on the Internet that said what those were and then I could change the firmware on the chips to make it (the battery) do whatever I wanted.
So what does that allow you to do?
Well, you could make it not work anymore. You can make the battery to where the computer doesn’t even know it’s plugged in. …
My goal was to see if I could make one blow. I never did that. There’s lots of different protections to stop that from happening, and also I was a little scared to blow one up in my house, you know.
Why blow it up? Why was that the goal?
I approach it like, what can people do to me, right? So I don’t want to wake up one day and have my computer blow up. I want to be the one looking at that — not the bad guys.
So I found this thing where Apple didn’t change their passwords. Well, now they’re hopefully going to change their passwords, right? So then next time I buy a laptop from Apple I won’t have to worry quite so much that someone will do something (bad).
I released a tool that you could run, if you’re particularly paranoid, that would fix this problem.
Is this the first time a hack has targeted a battery?
No one that I know has ever looked at it — or no one has ever published anything about it. You carry this thing around with you, and it has a chemistry set in it.
Other people go into a store, and they think about what to buy. I think about how to steal stuff. I don’t (actually) do it — that’s just kind of how I think.
You target Apple products primarily. Tell me why you’ve chosen to do that?
That’s a good question. I started this gig four years ago — and so back then the Apple products were way easier to break into than, say, Windows.
Yeah, they were very far behind in security.
That goes against the common perception.
Yeah, I know. People thought they were secure when they weren’t. And when I told people that, no one would believe me.
So the reason I started is it was easy. But since then, with (OS X) Lion coming out, it’s caught up. Now it’s not any easier anymore. I either have to find something else that’s easier to work on — or whatever.
Do you like Apple products?
Yeah, I have an iPhone in my pocket right now. That’s another reason. If I use it, I want it to be secure. I don’t want Steve Jobs having a commercial saying it’s secure — I want it to actually be secure. That’s my job to figure out what’s secure and what’s not.
Currently, do you think Apple products are more secure than their counterparts?
(Apple) iOS is definitely more secure than Android. Lion is basically comparable to Windows 7. You can nitpick on those two, but they’re basically both really good.
Android is lacking a couple of features that iOS has, so it’s behind.
Do you have any security tips for iPhone users?
Make sure to set a passcode for it. Otherwise, if someone picks up the phone, there’s nothing there. So set a passcode. It’s not going to protect it forever, but at least it’s some barrier for some kid that picks it up.
Don’t jailbreak your phone if you care about the security of it — because that breaks all of the security. Make sure to configure for remote “locate and wipe,” so if you lose it you can either find it or blow away all of your data on it.
How long is your mobile password?
It’s four digits, which Dino (fellow Apple hacker Dino Dai Zovi) showed in his talk you can break in 18 minutes. So if I don’t get my phone back in 18 minutes I’m in trouble. I’ve tried longer ones, but it’s just impractical. I couldn’t stick with it.
How did you get into hacking in the very beginning?
I’ve been into computers and thought hacking was cool. I got my Ph.D. in math from Notre Dame and I got hired by the NSA (National Security Agency) to be a cryptographer. But when I got there, I didn’t really like that, so they had a training program in computer security, so I learned the basics of my training there in an internship.
Where do you do your work?
At my house. I work out of my house. I’m a consultant. I spend half my time doing consultant work and the rest of my time doing research — like this kind of stuff.
Where do you live?
How long did it take you to do the battery hack?
It took about seven months — it took a really long time. Most of my research projects are like two weeks, or a month or something. But this one was so far from my comfort zone, and there had been so little written about it that it really took a long time.
So basically you’re giving away information about how to break things in an effort to make it more secure. Some people might be confused by that.
I mean, people think that — like with my battery thing — that if people didn’t talk about this, no one would have ever found out about it. And that’s just not the case.
No matter what we talk about here, there’s always bad guys — or guys who are trying to do this to make money — that are just as smart as us. And there are way more of them.
All we can do is present to everyone what we know. You can’t defend against something you don’t know.
Do you feel paranoid using Apple products knowing how many flaws you’ve been able to find in them?
A little bit. But they’ve gotten so much better. Like the iPhone. For the first year, when the iPhone came out, it was horrible. It was awful. It had no security in it, basically — at all. And then when the second iPhone came out it was much better. And since March it’s had basically every feature a security guy would want.
It’s not just me. I think it’s everyone saying they want more secure devices.
Do you work with Apple?
Not exactly. I have a cordial relationship with them. I shared with them my paper on the battery stuff like three weeks before the talk. But then again, if they would have told me not to do it I would have said, “Go to hell.” I don’t want to be their adversary. I want to have them fix stuff — and I want them to get better. I try to share with them.
Are they working on this battery thing?
Unfortunately, there’s not a lot they can do except start again and get it right.
Have hackers ever targeted you?
If they have, I haven’t caught ’em.
I’d be pretty easy to hack, I think. I don’t practice the best security myself. I’m impatient. So anytime security is going to add a lot of hassle I’m not going to do it.
I’m the cobbler whose kids have no shoes or whatever. And everyone knows exactly the software I use, the hardware I have, so it probably wouldn’t be that hard.
I just try to be a really nice guy so no one wants to go after me.