Don’t let ANYONE else use your charger.
Researchers at Tencent’s lab have found malware, which they named BadPower, that can potentially melt or blast your phone just by charging it.
Here’s the article on Tencent xlab, and be sure to use Google Translate 😉.
What is BadPower?
It abuses the Fast Charge feature of newer chargers and phones. Security researchers in China found a way to corrupt the charger’s firmware, as a result of which your phone might catch fire or even melt from the inside.
What is Fast Charging?
If you have a modern-day phone, it’ll most certainly have fast charge enabled, which provides, well, faster charging speed. Duh!
A typical USB power output is 5V at 0.5A of current (2.5 watts). This was true for older-generation chargers. The newer “Fast Chargers” on the market can give up to 20V or even more.
In these Fast Chargers, the charger first connects with your phone and negotiates a voltage that the phone can support. If the phone has fast charge support, it’d be given what it requires. Otherwise, the regular 5V will be supplied.
How does BadPower affect Fast Charge?
BadPower works by altering the default parameters in the firmware of fast chargers to deliver more power to devices than they can handle.
Researchers claim the BadPower attack can harm devices whether or not they include a fast charging feature. When a capable device is connected, the charger will still negotiate for 5V but will instead deliver 20V and wreak havoc.
The attacker simply has to connect a malicious device disguised as a phone to the charger. In a few seconds, the BadPower firmware change is pushed to the charger. After the firmware change, it still gives 5V for a few seconds before jumping up near 20V.
Here’s a demo video for you to understand how this works.
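The mismatch described above (5V negotiated, then a jump to near 20V after a few seconds) is what a voltage meter placed inline on the cable would record. The following Python check is an added example, not code from the Tencent researchers or the original article: it compares logged voltage readings against the negotiated voltage and reports a sustained overvoltage. The tolerance, the minimum fault duration, the function names and the sample readings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

TOLERANCE = 0.05         # assumption: +/-5% band around the negotiated voltage
MIN_FAULT_SECONDS = 0.5  # assumption: shorter excursions are treated as noise

@dataclass
class Alert:
    start: float       # seconds into the session when the overvoltage began
    negotiated: float  # volts the charger and device agreed on
    peak: float        # highest voltage read during the fault

def find_overvoltage(negotiated_v: float,
                     samples: Iterable[Tuple[float, float]]) -> Optional[Alert]:
    """Return the first sustained overvoltage in (seconds, volts) samples."""
    limit = negotiated_v * (1 + TOLERANCE)
    start = last = None
    peak = 0.0
    for t, volts in samples:
        if volts > limit:
            if start is None:
                start, peak = t, volts      # a new excursion begins
            last, peak = t, max(peak, volts)
        else:
            if start is not None and last - start >= MIN_FAULT_SECONDS:
                break                        # sustained fault just ended
            start = None                     # brief spike: ignore it
    if start is not None and last - start >= MIN_FAULT_SECONDS:
        return Alert(start, negotiated_v, peak)
    return None

# Constructed readings: 5V for a few seconds, then a jump to near 20V.
TAMPERED = [(0.0, 5.02), (1.0, 5.01), (2.0, 5.03), (3.0, 5.00),
            (3.5, 12.4), (4.0, 19.6), (5.0, 19.8), (6.0, 19.7)]
# Constructed readings: a healthy 5V supply with one noisy sample.
HEALTHY = [(0.0, 5.02), (1.0, 5.10), (2.0, 5.31), (2.1, 5.08), (3.0, 5.04)]

if __name__ == "__main__":
    print(find_overvoltage(5.0, TAMPERED))   # 5V contract, ~20V delivered
    print(find_overvoltage(5.0, HEALTHY))    # single spike is ignored
    print(find_overvoltage(20.0, TAMPERED))  # 20V is fine when 20V was agreed
```

The last call shows that 20V on its own is not the fault: the same readings pass when 20V is what was negotiated, so the check depends on knowing the agreed voltage.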
What to do now?
The BadPower attack has been tested on 25 different types of fast chargers out of the 200+ currently on sale, and it works on 18 of those (made by eight different vendors).
To make matters worse, there are currently no external signs or natural ways of detecting the attack, so you cannot tell whether the device has been tampered with or not.
The small upside to BadPower is that the hack can be shut down by updating a charger’s firmware. Unfortunately, after analyzing 34 different chips used in fast-charge adapters, Xuanwu researchers found that 18 of the chips didn’t have support for updatable firmware, meaning that there would be no way for some chargers to protect against BadPower.
How to be safe against BadPower
While BadPower or similar hacks don’t seem to have been used in the wild yet, for those worried about people messing with their chargers, BadPower serves as a good reminder that physical security remains the first line of defense when it comes to protecting your tech. If hackers can’t get to your charger, they won’t be able to upload the malicious code needed to make your power adapter go haywire.
The best defense against BadPower is not to give your chargers to strangers, even for temporary use.