Hacker Halted: Charlie Miller on Battery Firmware Hacking

Wednesday, November 02, 2011

Dr. Charlie Miller, principal research consultant for Accuvant LABS and four-time Pwn2Own winner, discusses Battery Firmware Hacking at the Hacker Halted Conference in Miami.

Charlie Miller spent five years as a Global Network Exploitation Analyst for the National Security Agency. During this time, he identified weaknesses and vulnerabilities in computer networks and executed numerous successful computer network exploitations against foreign targets.

He sought and discovered vulnerabilities in security-critical network code, including web servers and web applications.

Since then, he has worked as a Senior Security Architect for a financial firm and Principal Security Analyst for Independent Security Evaluators, a security consulting firm. He is currently Principal Research Consultant at Accuvant Labs.

His areas of expertise include identifying vulnerabilities in software, writing exploits, and computer attack methodology. He is a Red Hat Certified Engineer (RHCE), a GIAC Certified Forensics Analyst (GCFA), and a Certified Information Systems Security Professional (CISSP).

He has a B.S. from Truman State University and a Ph.D. from the University of Notre Dame.

Presentation Abstract:

"Ever wonder how your laptop battery knows when to stop charging when it is plugged into the wall, but the computer is powered off? Modern computers are no longer just composed of a single processor. Computers possess many other embedded microprocessors."

"Researchers are only recently considering the security implications of multiple processors, multiple pieces of embedded memory, etc. This paper takes an in-depth look at a common embedded controller used in Lithium Ion and Lithium Polymer batteries; in particular, this controller is used in a large number of MacBook, MacBook Pro, and MacBook Air laptop computers."

"In this talk, I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it."

"Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware. Being able to control the working smart battery and smart battery host may be enough to cause safety issues."

Infosec Island was proud to be a media sponsor for the Hacker Halted Miami event.


Bio information via Corporate site and/or LinkedIn
