Description: SecurityTube Live Update: We had promised a lot of video coverage in BH, but my camera hard drive died after my first video :( So the videos we are posting are short teasers of the full talks. But they should be fun to watch nevertheless.
This was one of the best talks I attended at BH. Charlie Miller was just awesome! I just loved the way he broke down the details of his entire research and the whole journey. The only thing I missed was a live demo of something bad happening to your Mac using the battery hack :)
Battery Firmware Hacking
Ever wonder how your laptop battery knows when to stop charging when it is plugged into the wall, but the computer is powered off? Modern computers are no longer just composed of a single processor. Computers possess many other embedded microprocessors. Researchers are only recently considering the security implications of multiple processors, multiple pieces of embedded memory, etc. This paper takes an in-depth look at a common embedded controller used in Lithium Ion and Lithium Polymer batteries; in particular, this controller is used in a large number of MacBook, MacBook Pro, and MacBook Air laptop computers.
In this talk, I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware. Being able to control the working smart battery and smart battery host may be enough to cause safety issues, such as overcharging or fire.
Tags: blackhat, securitytube, charlie miller, mac, battery, hacking
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.