Security researchers from Xuanwu Lab, operating under Chinese tech giant Tencent, recently discovered a vulnerability in fast chargers that lets them alter the charger’s firmware to deliver voltage in excess of what receiving devices can handle. This subsequently damages any connected hardware, causing it to melt or even catch fire in some instances. The researchers have added the flaw to the Chinese National Vulnerabilities Database (CNVD) and also notified affected vendors in the hope of seeing improved security standards develop and implemented across this industry.
The ability to quickly juice up our power-hungry smartphones through fast charging is certainly a convenience, but one where a delicate balance of demand and supply needs to be met. That’s handled through controllers built into fast chargers that intelligently switch to low or high voltage, depending on the receiver’s capability, quickly charging it for regaining hours of usage.
Fast chargers achieve this through special firmware, with built-in protection against overcharging, overheating, and other safety hazards. However, researchers at Chinese tech giant Tencent were able to bypass these measures by modifying the charger’s firmware and altering default charging parameters to push dangerously high levels of voltage to connected devices.
In their report, the researchers discuss fast charging protocols, which in addition to supplying power to connected devices, also provide an interface for data transmission that manufacturers use to read/write charger firmware. If not well-protected, an attacker can use the same data channel to tweak the firmware and set their own power parameters, corrupting the exchange between the charger and connected device.
Dubbed ‘BadPower,’ the attack doesn’t cause any data leaks, according to the researchers, but can physically damage the receiver. An infected charger carrying the attack code may not be as lethal as a USB killer, but it’s just as silently executable and can be ported to other fast chargers by connecting them to smartphones, tablets, and/or laptops carrying the payload.
When connected to a device that doesn’t support fast charging, an infected charger could result in power overload by supplying 20V instead of the standard 5V. It can also maliciously deliver higher voltage levels to devices that support fast charging, even after both parties have agreed on using lower power values.
From the 234 fast chargers available in the Chinese market, the researchers were able to test 35 models, out of which 18 were found vulnerable to this attack. They also claim to have investigated 34 fast-charging chip vendors, with almost half of them producing unfixable chips as their vulnerable firmware was not updateable.
As for safety tips against BadPower, the researchers suggest that manufacturers should employ strict security checks while updating charger firmware or disable read/write firmware functionality over USB altogether. They also call for providing better overloading protection on devices that don’t support fast charging and ask consumers to be mindful of sharing their power bricks and charging banks.