BadPower attack corrupts fast charger firmware, overloads smartphones

Researchers say corrupted fast chargers can pump out enough juice to set some devices on fire

Fast charger

Security researchers found a way to manipulate fast charger firmware to cause damage to connected devices.

China-based research lab Xuanwu Lab detailed the technique, dubbed BadPower, in a recent report. Xuanwu is part of Chinese tech giant Tencent.

BadPower works by corrupting the firmware of fast charger bricks. The firmware in these bricks communicates with connected devices like smartphones to determine the correct amount of power to deliver to the device. For example, a phone that can’t accept a fast charge would default to the standard 5V output, while phones with fast charging capabilities would receive 12V, 20V or higher.

According to the researchers, BadPower alters the default charging parameters and delivers more voltage than the receiving device can handle. Increased voltage like this can degrade and damage the receiver’s components, leading to excessive heat, bending, melting or even a fire.

Worse, BadPower acts silently and quickly. An attacker would only need to connect their attack rig to the fast charger, wait a few seconds to modify the firmware, and leave. Researchers say they can apply BadPower to some chargers without special equipment. Instead, they can apply the code to a regular smartphone or laptop. When the user plugs in that device, the malicious code enters the charger’s firmware and applies BadPower. The charger will then overload any connected devices.

The damage caused by such an attack can vary depending on the fast charger, its capabilities, and the device and its protections.

Xuanwu says it verified BadPower works in practice and tested 35 fast chargers from the over 234 models available. The researchers found 18 models from eight vendors were vulnerable to BadPower.

Thankfully, the researchers say manufacturers can fix most BadPower vulnerabilities by updating the firmware on fast charger chips. Unfortunately, the 18 impacted models Xuanwu tested came from vendors that didn’t include an update option. In other words, manufacturers can’t update those charger models.

Xuanwu researchers notified all impacted vendors, as well as the Chinese National Vulnerabilities Database (CNVD). Further, the researchers recommend fixing the problem by hardening firmware to prevent unauthorized modifications while also deploying overload protection to charged devices.

The report includes a video demonstrating a BadPower attack, but the video cannot be embedded here. Those interested can find it at the bottom of the report.

Source: Xuanwu Via: ZDNet