Story

DEFCON 19: Battery Firmware Hacking

Speaker: Charlie Miller Principal Research Consultant, Accuvant Labs Ever wonder how your laptop battery knows when to stop charging when it is plugged into the wall, but the computer is powered off? Modern computers are no longer just composed of a single processor. Computers possess many other embedded microprocessors.

Researchers are only recently considering the security implications of multiple processors, multiple pieces of embedded memory, etc. This paper takes an in depth look at a common embedded controller used in Lithium Ion and Lithium Polymer batteries, in particular, this controller is used in a large number of MacBook, MacBook Pro, and MacBook Air laptop computers.

In this talk, I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware.

Being able to control the working smart battery and smart battery host may be enough to cause safety issues, such as overcharging or fire.

For more information visit:

http://bit.ly/defcon19_information

To download the video visit: http://bit.ly/defcon19_videos

Playlist Defcon 19: http://bit.ly/defcon19_playlist