Researchers discover ‘BadPower’ vulnerability in fast chargers that can melt your phone



Security researchers spend a lot of time poking and prodding at the software on the myriad smart devices that dominate our lives, but what about the plugs that recharge them? Modern fast chargers are essentially small computers, and a team of Chinese researchers has shown that it is relatively easy to compromise a charger with an attack called BadPower. It can cause your device to overheat, smoke, and possibly even catch fire.

Until recent years, the cables we use to keep our phones, tablets, and other devices running would deliver just a couple of watts of power no matter what you plugged in. So if you forgot to charge your phone overnight, it was impossible to get a full charge before it was time to go out the door. Modern fast-charging systems can boost voltage and current to push more power into your battery in a shorter period of time, giving you hours of battery life in just a few minutes of charging. Chargers need their own little electronic brain for that to happen, and that brain is what BadPower targets.

Researchers from Tencent’s Xuanwu Laboratory demonstrated that a smartphone could transmit BadPower to chargers, where it can modify the embedded firmware. Just plugging in a device carrying BadPower can compromise a fast-charging plug and turn it into a phone-killing fire hazard.

BadPower interferes with the output to deliver more power than the connected device can accept, and that power can be extremely high on the latest chargers. For example, 100W USB-PD chargers are becoming increasingly common, and Oppo recently announced a 125W system. The firmware on these chargers is supposed to negotiate the correct combination of voltage and current to charge a connected device at maximum speed, which can be up to 20V and 5A for USB Power Delivery. Many new smartphones can only handle 15 or 18 W, so you can imagine what 100 W of power will do to the internal components.
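The negotiation described above, seen from the phone's side, as an added example that is not code from Xuanwu Lab or any charger vendor. It decodes USB-PD Fixed Supply power data objects, picks the best offer within the device's limits, and flags a bus voltage above the negotiated contract; the function names, the 9V/2A sink limits, the 5% margin and the sample capability list are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* USB-PD Fixed Supply PDO layout: bits 31..30 = 00, bits 19..10 = voltage in
 * 50 mV units, bits 9..0 = maximum current in 10 mA units. */
#define PDO_IS_FIXED(p) (((p) >> 30) == 0u)
#define PDO_MV(p)       ((((p) >> 10) & 0x3FFu) * 50u)
#define PDO_MA(p)       (((p) & 0x3FFu) * 10u)
#define MK_FIXED(mv, ma) ((uint32_t)((((mv) / 50u) << 10) | ((ma) / 10u)))

/* Constructed source capabilities: 5V/3A, 9V/3A, 15V/3A, 20V/5A (100 W). */
static const uint32_t sample_caps[] = {
    MK_FIXED(5000u, 3000u), MK_FIXED(9000u, 3000u),
    MK_FIXED(15000u, 3000u), MK_FIXED(20000u, 5000u)
};

/* Return the index of the highest-power fixed PDO whose voltage the sink can
 * accept, or -1 if none fits. The sink never draws more than max_ma. */
int pick_pdo(const uint32_t *pdos, int n, uint32_t max_mv, uint32_t max_ma)
{
    int best = -1;
    uint64_t best_uw = 0;
    for (int i = 0; i < n; i++) {
        if (!PDO_IS_FIXED(pdos[i])) continue;        /* ignore other PDO types */
        uint32_t mv = PDO_MV(pdos[i]), ma = PDO_MA(pdos[i]);
        if (mv == 0 || mv > max_mv) continue;        /* voltage out of range */
        if (ma > max_ma) ma = max_ma;                /* cap at sink's own limit */
        uint64_t uw = (uint64_t)mv * ma;             /* power in microwatts */
        if (uw > best_uw) { best_uw = uw; best = i; }
    }
    return best;
}

/* Return 1 when measured VBUS exceeds the contract by more than tol_pct. */
int vbus_violation(uint32_t contract_mv, uint32_t measured_mv, uint32_t tol_pct)
{
    return (uint64_t)measured_mv * 100u > (uint64_t)contract_mv * (100u + tol_pct);
}

int main(void)
{
    int i = pick_pdo(sample_caps, 4, 9000u, 2000u);  /* hypothetical 18 W phone */
    uint32_t contract = PDO_MV(sample_caps[i]);
    printf("requested PDO %d: %u mV\n", i, (unsigned)contract);
    /* Charger honours the contract, then one that outputs 20 V regardless. */
    printf("9.3 V measured: violation=%d\n", vbus_violation(contract, 9300u, 5u));
    printf("20 V measured:  violation=%d\n", vbus_violation(contract, 20000u, 5u));
    return 0;
}
```

A device that detects the violation can stop charging or open its input switch, which limits the damage from a charger whose firmware no longer honours what it advertised.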

Xuanwu Lab tested 35 fast chargers of the 234 models available in China. The team found that 18 models from eight different vendors were vulnerable to BadPower. Security flaws are fixable on most smart devices, but chargers are only barely smart, and many of them don’t have upgradeable firmware. Xuanwu Lab says it tested 34 fast-charging chips and found that 18 of them lacked any firmware update mechanism.

The researchers recommend that vendors develop patches that can be deployed on upgradeable plugs and included in future models. They also suggest that manufacturers harden the firmware of fast chargers to protect against attacks like this. Tencent says it notified all affected vendors, but some of these chargers cannot be fixed.
