BadPower attack can trick devices into setting themselves on fire, security researchers say

The vulnerability cannot always be patched because of limitations in the chips used

Adam Smith
Tuesday 21 July 2020 09:32 EDT
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Chinese security researchers have found a way to hack smartphone chargers to break or burn the device.

The issue, which has been called “BadPower”, was discovered by the Xuanwu Lab, which is a research unit of Chinese technology giant Tencent.

The attack makes chargers put out an excessively high voltage, resulting in the device breaking down. It focuses on fast-charging technology – chargers, stands, and cables, that can fill up your smartphone faster than standard cables.

Both iPhone and Android phones have fast-charging capabilities.

The current fast charging technology can provide a maximum voltage of 20V and 100W of power, as well as actually transmitting data between the charger and the device via built-in firmware.

This firmware is used to decide charging speeds, based on the capabilities of the device. However, the researchers say that this connection is not secure.

Hackers could rewrite the code that controls the power supply, meaning devices only capable of receiving 5V charge could be forced to take four times as much, resulting in the device overloading.

“All products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol,”the researchers say.

This is done through a specific device, designed to look like a smartphone, being plugged in to the charger to insert the malicious code before the charger is used with another device.

The researchers tested BadPower attacks on 35 fast chargers, from 234 models available. It was discovered that 18 models from eight different vendors were vulnerable to this flaw.

While the BadPower vulnerability can be patched with an update to the charger’s firmware, the researchers say that 18 of the chip vendors did not provide the option to update the firmware. As such, there is no way to fix the vulnerability in those chargers.

The researchers did not say which models of charger could be affected by the BadPower vulnerability, but have contacted China’s National Vulnerability Database about the flaw. The Independent has reached out to the Xuanwu Lab for more information.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in