Hackers can now trick USB chargers into destroying their devices – this is how it works


Not all cyber attacks focus on data theft. Sometimes the intention is “to destroy the physical world through digital media,” warns Chinese tech giant Tencent. Company researchers have just revealed a serious new vulnerability in many of the mass market fast chargers now in use worldwide.

When you connect your device to a fast charger with a USB cable, there is a negotiation between the two, setting the most powerful charge that the device can safely handle. This negotiation is handled between the device firmware and the charger firmware, and both are supposed to play very well with each other.

But Tencent researchers have now shown that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and even setting it on fire.

Because the fast charger is essentially a smart device in its own right, it is open to malicious compromise. The attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwrites its firmware, and essentially arms it as a weapon against whatever is connected to it next.

The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites the charger's firmware. The next time you connect to that same charger to recharge your device, your phone will be overloaded.

Tencent has produced a demo video that shows how a charger can be compromised and then used to overload a device.

Tencent has dubbed this problem “BadPower” and warns that “all BadPower problem products can be attacked by special hardware, and a considerable number of them can also be attacked by common terminals like mobile phones, tablets and laptops that support fast charging protocol.”

The researchers identified 234 quick chargers on the market and tested 35 of them. Of those, they found that “at least 18 had BadPower issues and involved eight brands.” Of those 18 charging devices, 11 were vulnerable to a simple attack through a device that also supports the fast charging protocol, such as a mobile phone.

According to the researchers, while there is a risk with devices that are designed to charge quickly, the biggest risk is with those that are not. Their advice is not to plug basic 5V devices into fast chargers with a USB to USB-C cable.

The research team at Tencent’s Xuanwu Laboratory reported the problem to the China National Vulnerability Database (CNVD) and will also engage with affected manufacturers, they say, about mitigation techniques. Clearly, with this issue revealed, revised standards must be established.

So is it really a problem to worry about? It depends. This is a big problem, and large-scale security measures are not yet in place. This means that chargers you buy online, without knowing which could be vulnerable, could damage your device or worse. Sticking with known manufacturers is clearly a sensible precaution here, as with any device you plug in at home.

There’s a slightly darker threat here too, affecting those of you who could be targeted by bad actors. Think of dissidents, reporters, protesters. A simple attack that could affect your ability to communicate, potentially disconnecting you, could be relevant. You must take care with the chargers you use.

We have already seen warnings about the use of chargers, whether in public spaces or where we borrow from others. That problem has been all about the potential for data theft, when you use a data cable to charge your device and don’t know where the charger came from. We have even seen compromised data cables used for the same purpose, where the cable hides a wireless connection.

The advice, to be careful when connecting your smart device with a smart cable that can do more than just charge, is the same in both cases.

Beyond the details, this is another warning about the dangers of the rapidly growing IoT space, where we buy and connect a myriad of devices. Our homes and offices are now full of technology, and while we care about our computers, phones, and tablets, we pay little attention to cookware, smart home accessories, and toys that we buy online from manufacturers we’ve never heard of before.

You are surrounded by countless little computers, many of which connect to your wifi and offer a route to the outside world. The problem you face, of course, has to do with compromising data and security. This Tencent report just shows that there are other dangers as well, stemming from that same problem.