Chinese experts from Xuanwu Lab (research arm of Tencent) have published a report on the BadPower attack technique, which can set on fire various devices with the use of Quick Charge technology.
In the report, researchers at Xuanwu Lab said that they learned how to change the firmware of fast chargers in such a way as to cause damage to the devices connected to them, including setting them on fire.
“Quick Charge technology appeared a few years ago and devices from many manufacturers support it now. As the name implies, the voltage and current specifications of such chargers have been changed in a special way to speed up the process of charging the battery of a phone, tablet, and so on”, – says the report, adapted ZDNet.
Such chargers are equipped with special firmware that “communicates” with the connected device and coordinates the charging speed with it (depending on the capabilities of the gadget). If fast charging is not supported, the charger supplies the gadget’s battery with a standard voltage of 5V, otherwise the fast charger can work with a voltage of 12-20V and even more.
The BadPower technique presented by the experts is based on overriding the default charging parameters in order to apply a significantly higher voltage to the target device, which ultimately can lead to overheating, deformation, melting and even fire of components. The damage from a BadPower attack varies depending on the model of the fast charger, as well as the model and protection of the gadget that is being charged.
In fact, in order to “infect” device wi fast charging, an attacker only needs to connect his system to it, wait a few seconds while the firmware is being changed, and then leave the dangerous charger where the victim will use it.
“With some chargers, this doesn’t even require any special equipment, just a smartphone or laptop is enough”, — say Xuanwu Lab researchers.
Tencent experts tested their attack in practice: they selected 35 fast chargers from 234 models on the market, and found that 18 models from 8 different suppliers were vulnerable to BadPower.
The researchers write that most of the problems with fast charging can be fixed by updating the firmware, but not all chargers can in principle be patched. The fact is that experts analyzed 34 chips, on which are based various models of fast chargers. It turned out that 18 of them produce chips without the possibility of subsequent firmware updates, that is, in many cases manufacturers simply will not be able to distribute updates.
The experts have already notified all vendors about the results of their research, as well as the China National Vulnerability Database (CNVD).
Do you think that such exotic attacks are not really used? Well, I recently wrote that hackers exposed the American company to a rare attack via BadUSB.