Tencent’s research unit has found a technique to alter the firmware of fast chargers, thereby overpowering the device connected to it and eventually damaging it. They found about 18 models out of total 234 tested, which is having no option to update the firmware, which is the only solution to avoid this attack called – BadPower.

A New Technique to Damage Your Phone Via Fast Charger

Researchers at Xuanwu Lab, the research wing of Tencent has discovered a new technique called BadPower, where they claim to alter the power supply to a connected device via its fast charger and overpower to damage it ultimately. A report on this attack was published last week, which explains how to damage components like to melt or even set on fire!

BadPower Attack Can Damage Your Smartphones Through Fast ChargingThe BadPower method is capable of altering the voltage supplied to the charge receiving device. Fast chargers are equipped with a chip and firmware (chip software) to help the charger communicate with a power receiving device. And if the receiving device is capable of taking the high power, it then pushed high voltages to it. If not, it supplies standard 5V power to it.

Researchers here can alter the firmware of fast chargers, thus able to falsely communicate and push more voltage than the connected device can take. This would ultimately lead to melting, burn, bend, or put the device at the fire! Moreover, they don’t necessarily connect the charger to their machine to corrupt the firmware, this BadPower can be supplied to smartphones and even laptops!

Researchers warn that attackers could take advantage of this technique, thus users and more importantly, OEMs should be aware of it. Out of 35 fast chargers from 234 models, the researchers have tested, 18 models from 8 vendors found vulnerable.

This means the firmware of those vulnerable chargers cannot be updated since the OEM shipped without any such option. This leaves the users at risk. Researchers said they had informed the concerned OEMs and also the Chinese National Vulnerabilities Database.

Via: ZDNet


Please enter your comment!
Please enter your name here