Battery firmware hacking

Charlie Miller takes an in depth look at a common embedded controller used in Lithium Ion and Lithium Polymer batteries.

In this talk Charlie will demonstrate how the embedded controller works, reverse engineer the firmware and show how to completely reprogram the smart battery by modifying the firmware on it.

Watch this video on YouTube

Views

Likes

DEF CON

Source: DEF CON

Christiaan008

Source: Christiaan008

Hacking

Main category

Hacking

Hacking

Subcategory

Hacking

Hardware

Main category

Hardware

Hardware

Subcategory

Hardware

Knowledge is the life of the mind

p

What is firmware?

In electronic systems and computing, firmware is “the combination of a hardware device, e.g. an integrated circuit, and computer instructions and data that reside as read only software on that device”.  As a result, firmware usually cannot be modified during normal operation of the device.

Firmware is held in non-volatile memory devices such as ROM, EPROM, or flash memory. Changing the firmware of a device may rarely or never be done during its economic lifetime; some firmware memory devices are permanently installed and cannot be changed after manufacture.

Learn more about firmware

Article

It was never designed to be secure

Most of it is vulnerable for the same reasons the firmware the Equation Group targeted is vulnerable: it was never designed to be secure. Most hardware makers don’t cryptographically sign the firmware embedded in their systems nor include authentication features in their devices that can recognise signed firmware even if they did. Read more

Presentation

There is more of an administrator level access to it and there is a key for that. It turns out that Apple never changes those, so you can just look up on the Texas Instruments site and find what those passwords are and use them.

An interview with Charlie Miller during the Hacker Halted conference about his presentation ‘Battery Firmware Hacking’.

Article

These controllers can be hacked in a fairly straightforward manner

According to Miller, these controllers can be hacked in a fairly straightforward manner. By reprogramming the microcontroller’s firmware, a battery could report a much lower internal voltage or current, causing the charger to overcharge the battery. In Miller’s testing, he was only successfully able to turn a series of seven $130 MacBook Pro batteries into expensive bricks, but he told Ars that it may be possible to cause fire or even an explosion. Read more

Article

How the NSA firmware hacking works and why it’s so unsettling

ONE OF THE most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. Read more

article_96_96_blue

Faulty firmware in Lenovo batteries
Date: 26-02-2013
Source: Jason’s code blog

Hacking laptop batteries: A new security threat
Date: 04-08-2011
Source: Cnet

Apple left default passwords in batteries, making them vulnerable to hacks, explosion
Date: 29-07-2011
Source: Betanews

Apple Laptop Batteries Can Be Bricked, Firmware Hacked
Date: 22-07-2011
Source: Threatpost

Apple laptops vulnerable to hack that kills or corrupts batteries
Date: 22-07-2011
Source: Forbes

presentation_128_96_blue

Battery Firmware Hacking
Date: 2011
Source: Accuvant

Derbycon 2011: Battery Firmware Hacking
Date: 2011
Source: Irongeek

tutorial_96_96_blue

PSP hacking guide: Pandora battery
Date: 31-01-2010
Source: Instructables

whitepaper_96_96_blue

Battery Firmware Hacking: Inside the innards of a Smart Battery
Date: 27-07-2011
Source: Accuvant

Change your thoughts and you change your world

Videos from the same category or videos related to the subject.

You will find something new to watch and expand your knowledge.

Printers gone wild!

Printers gone wild!

How NOT to Store Passwords!

How NOT to Store Passwords!

Asymmetric Digital Warfare

Asymmetric Digital Warfare

29C3 GSM: Cell phone network review

29C3 GSM: Cell phone network review

Secure code reviews magic or art? A simplified approach to secure code reviews

Secure code reviews magic or art? A simplified approach to secure code reviews

DEF CON 13: Google hacking for penetration testers

DEF CON 13: Google hacking for penetration testers

OWASP AppSecUSA 2011:How NOT to implement cryptography for the OWASP Top 10 (Reloaded)

OWASP AppSecUSA 2011:How NOT to implement cryptography for the OWASP Top 10 (Reloaded)

DeepSec 2007: Browser hijacking

DeepSec 2007: Browser hijacking

OWASP AppSecUSA 2011: Ghosts of XSS past, present and future

OWASP AppSecUSA 2011: Ghosts of XSS past, present and future

22C3: Attacking the IPv6 protocol suite

22C3: Attacking the IPv6 protocol suite

DEF CON 17: Hijacking web 2.0 sites with SSLstrip

DEF CON 17: Hijacking web 2.0 sites with SSLstrip

29C3: We are all lawmakers!

29C3: We are all lawmakers!

DEF CON 17: MetaPhish

DEF CON 17: MetaPhish

24C3: Cybercrime 2.0

24C3: Cybercrime 2.0

DEF CON 17: Abusing Firefox Addons

DEF CON 17: Abusing Firefox Addons

DeepSec 2010: Android reverse engineering and forensics

DeepSec 2010: Android reverse engineering and forensics

DEF CON 19: Defeating wired 802.1x with a transparent bridge using Linux

DEF CON 19: Defeating wired 802.1x with a transparent bridge using Linux

BruCON 2010: Embedded system hacking and my plot to take over the world 1/4

BruCON 2010: Embedded system hacking and my plot to take over the world 1/4

OHM2013: SIM card exploitation

OHM2013: SIM card exploitation

Embed trojan into a JPG Format

Embed trojan into a JPG Format

Pyrit demonstration (GPU cracking)

Pyrit demonstration (GPU cracking)

Black Hat USA 2010: Jackpotting automated teller machines redux 1/5

Black Hat USA 2010: Jackpotting automated teller machines redux 1/5

Believe you can and you’re halfway there

A collection of videos organised or just select a video by the first impression.

That choice is up to you.

Just click and be surprised

Video wall

Find what you're looking for

Videos by category