Chinese security researchers have revealed a new technique called BadPower that can alternate the firmware of fast chargers to damage them as well as devices attached to them.
This technique was detailed last week in a report published by one of Tencent’s research units called Xuanwu Lab. It has the potential of melting your chargers and even setting your charging devices on fire. It works by corrupting the firmware of fast chargers, the new type of Smartphone chargers that have become famous lately for their rapid charging capabilities.
These chargers work using a firmware that communicates with the device being charged and negotiates a charging speed based on the device’s capabilities. If the device does not support fast charging, the charger will only deliver a standard 5V charging speed, but if the device does have fast charging, then the charger can deliver 12V, 20V, or even higher charging speeds.
The BadPower technique corrupts the fast charger firmware forcing it to output more power than the device can handle, thereby damaging both the charger and the receiver.
This malicious attack can be performed by using special tools on a fast charger or completely remotely by injecting malicious code into a smartphone. When the infected smartphone is attached to the charger, it corrupts the firmware of the charger causing a power overload.
The researchers tested 35 fast chargers from 234 different models and found that more than half of them were vulnerable to BadPower. This can easily be avoided by keeping device and charger firmware up to date, but the bad news is that most of the chargers the firm tested did not come with an option to update chip firmware.
Regardless, Tencent researchers have informed the fast charger vendors in question and have also shared their findings with the Chinese National Vulnerabilities Database (CNVD) to accelerate the development of security protocols against BadPower.