Saturday, August 6, 2011

“Somebody set up us the bomb! We get signal. What!”

Wow!  I just read an article from CNN about Charlie Miller, a St. Louis resident who just recently demonstrated a hack at the Black Hat security conference in Las Vegas that can disable the battery of a MacBook.  He said his goal was to see if he "could make one blow".  He unable to accomplish his goal because of different mechanisms in place on the battery hardware itself but he was able to get it to essentially stop working.  A pretty cool proof of concept!


Getting one to blow up though is not too far fetched of an idea, however.  The circuitry that protects the battery from exploding is probably accessible through the same mechanisms he used to disable it.  Purely speculation here but he was probably a few lines of code away from getting to those protective mechanisms, exploiting them, and then having complete control over the battery in an unstable way, but was probably on a deadline to get his presentation out and figured disabling it was going to have to do for now.

So what does all this mean to the general public?  Well, it means we should be thanking Mr. Miller for finding this exploit before someone malicious released it into the wild.  Because of his efforts, this problem will probably be “fixed” relatively soon with a patch from Apple.  I would imagine that a stream of devices will probably all be patched in the near future to prevent this type of attach from occurring including primarily phones and laptops, but think about the number of devices you use or know about that connect to the internet and have a battery:  Amazon Kindle, Barnes and Noble Nook, high end alarm clocks, satellite radio, home security systems, cars with OnStar, etc.

While disabling a battery doesn’t really seem like much, think about the potential for a few minutes.
Let’s look a totally fictitious scenario for a moment:  a major software company wants to drive sales of its latest operating system but it found that many people were still satisfied with the one from 10 years ago and have no real desire to upgrade.  What to do, what to do?  One way to get people to upgrade is to drive new hardware purchases, right?  Ah ha!  Release a “patch” for that 10 year old operating system that disables the battery of those older laptops!  Then people will be forced to upgrade!  Brilliant!


Is that all that can be done though?  Not necessarily.  Picture this more sinister scenario:  a terrorist cell identifies the logic to disable the safety mechanism on the battery and actually get it to explode.  This opens the potential to disable it on any similar battery.  They also figure out how to trigger a remote code execution on your laptop, phone, OnStar, whatever and push this code out via text message, email, website popup, etc.  Payload day comes and boom goes the dynamite!  Millions of micro chemical explosions worldwide, disabled workers, crippled communications, highways littered with dead vehicles, etc, etc.

We could essentially all be carrying bombs with us that could literally be remotely detonated and explode at any time!  Sounds pretty crazy, but it seems like almost every wireless device has a battery, and inside the battery is a combination of chemicals, and on the cover of every battery is a warning that says caution, explosive!

Probably VERY far fetched....... or is it?!  You tell me!  ;)  Until next time, keep your electronics away from the women and children!


Oh, and for those that do not get the "Somebody set up us the bomb!" reference, see the classic worldwide phenomenon All Your Base Are Belong To Us.

No comments:

Post a Comment