Even Fast Chargers are not safe from hackers

Attackers can alter the firmware of fast charger devices

Fast charging is fast becoming commonplace across smartphones and other devices. As wattage and voltage increase, charging times decrease, making this technology a must-have for those on the go. But while the convenience of fast charging is clear, the technology can also be used maliciously.

Detailed by Tencent’s Xuanwu Lab (via ZDNet), a vulnerability called BadPower can modify the firmware of some fast chargers.

How is this possible?

BadPower corrupts a fast charger and effectively stops its chip’s firmware and the charging device from agreeing on a set voltage. Some fast chargers can push 20 volts, but some devices can only safely accept 5V. By overloading a device with more voltage than it can handle, researchers found that they could cause some devices to burst into flames.

While researchers used a “special device disguised as a mobile phone” to corrupt a fast charger’s firmware, researchers believe that phones, laptops, and other devices infected with the requisite “malicious programs” can be used in a similar way.

BadPower may not seem as invasive as data-stealing malware or ransomware, but it does demonstrate how one infected device or one corrupted fast charger could physically destroy a number of others. The researchers also found that at least 18 of the 35 fast chargers they tested could be vulnerable to BadPower.

Of those 18, 11 could be corrupted using “digital terminals” or phones and other devices that support fast charging. The researchers did not detail which companies’ chargers were affected.

Possible solutions

To mitigate the risks, researchers suggest manufacturers add additional fuses to devices that support lower voltage fast charging. For users, they warn against easily dishing out your phone charger or power bank to others.

End users are advised to keep their devices safe by not giving their own fast charger and power bank to others and by not using those belonging to other people or establishments.

Ultimately, though, this is a problem that has to be solved by the manufacturers.

They should make sure that fast chargers’ firmware is without common software vulnerabilities and make sure that firmware can’t be modified without authorization.

Watch the demo of this attack in this video below

Follow our Facebook and Twitter page for more contents and news.

Author

Leave a Reply

Your email address will not be published. Required fields are marked *