Image: Tencent
Chinese security researchers said they can alter the firmware of fast chargers to cause damage to connected systems (charging), such as molten components, or even set devices on fire.
The technique, called BadPower, was detailed last week in a report published by Xuanwu Lab, a research unit of Chinese tech giant Tencent.
According to the researchers, BadPower works by corrupting the firmware of fast chargers, a new type of charger that has been developed in recent years to speed up charging times.
A fast charger looks like any typical charger, but works with special firmware. This firmware “talks” to a connected device and negotiates a charge rate, based on the capabilities of the device.
If a quick charge feature is not supported, the quick charger delivers the standard 5V, but if the device can handle larger inputs, the quick charger can deliver up to 12V, 20V, or even more, for faster charging speeds.
The BadPower technique works by altering the default charging parameters to deliver more voltage than the receiving device can handle, degrading and damaging the receiver components as they become hot, bend, melt, or even burn.
BadPower attack is silent and fast
A BadPower attack is silent, as there are no prompts or interactions the attacker must go through, but it is also fast, as the threat actor only needs to connect his attack platform to the fast charger, wait a few seconds and exit, then having modified the firmware.
Also, in some fast charger models, the attacker does not need special equipment, and the researchers say the attack code can also be charged on smartphones and regular laptops.
When the user connects their infected smartphone or laptop to the fast charger, the malicious code modifies the firmware of the charger and in the future the fast charger will run a power overload for any device connected later.
The damage caused by a BadPower attack generally varies depending on the fast charger model and its charging capabilities, but also depending on the charged device and its protections.
The researchers tested 35 fast chargers, found 18 vulnerable
Tencent’s team said they verified their BadPower attack in practice. The researchers said they selected 35 quick chargers from 234 models available on the market and found that 18 models from 8 vendors were vulnerable.
The good news is that “most BadPower problems can be solved by updating the device firmware.”
The bad news is that the research team also analyzed 34 fast-charging chips, around which the fast-charger models had been built. The researchers said 18 chip vendors did not ship chips with a firmware update option, meaning there was no way to update the firmware on some fast-loading chips.
Tencent researchers said they notified all affected vendors of their findings, but also the Chinese National Vulnerability Database (CNVD) in a bid to accelerate the development and promotion of relevant security standards to protect against BadPower attacks.
Suggestions to fix the BadPower problem include strengthening the firmware to prevent unauthorized modifications, but also implementing overload protection on loaded devices.
A demo video of a BadPower attack is available at the bottom of Tencent’s report. The video could not be inserted here.
