BadPower vulnerability discovered that can burn your phone with a firmware modified fast charger

If it's misused, it can be a fire hazard.

Engadget JP (Translation)
Engadget JP (Translation) , @Engadget_MT
2020年07月21日, 午後 02:52 in egmt
Tencent Security Xuanwu Lab
Tencent Security Xuanwu Lab

This article is based on an article from the Japanese edition of Engadget and was created using the translation tool Deepl.

Xuanwu Lab, the security research arm of China Tencent, has reported a problem where the firmware of a USB fast charger can be modified to burn out the internal circuitry of the device being charged, or worse, cause it to ignite.

The trick, dubbed BadPower, takes advantage of the internal firmware of high-powered USB fast chargers released over the past few years that communicate with the connected device to select the appropriate charging voltage and current, and overrides the modified code from the connected smartphone or laptop, causing it to deliver a high voltage that the connected device can't withstand.

Specifically, if you use a modified charger unknowingly, the smartphone, tablet or laptop you connect to charge could suddenly catch fire. With the recent development of high-powered USB fast chargers exceeding 100 watts, the consequences of such an attack could be very dangerous if it does occur.

The team at Xuanwu Lab reported that they tested the BadPower attack on 35 different fast chargers on the market and found that 18 models from eight companies were able to launch the attack. They also examined the chips that control the charging process in the fast chargers on the market and reported that nearly 60 percent of all the chips were capable of rewriting firmware via the USB port.

Fortunately, if you've been able to get a modified firmware into your charger, you can still fix it by applying a firmware update that the vendor has released. However, vendors of some products do not offer firmware updates, and in this case, users are likely to have no choice but to get rid of the charger. Xuanwu Lab recommends implementing a security verification mechanism in updating the firmware code of the chargers.

The problem was discovered by security researchers and there have been no reported cases of misuse. Nevertheless, even though it's only a charger, it's still a good idea to choose a high-powered, highly functional product from a reliable manufacturer.

Source: cnTechPost
Via: ZDNet

This article is based on an article from the Japanese edition of Engadget and was created using the translation tool Deepl. The Japanese edition of Engadget does not guarantee the accuracy or reliability of this article.


TechCrunch 注目記事新型コロナのソーシャルディスタンスを支援するビデオチャットアプリ8選

新型コロナウイルス 関連アップデート[TechCrunch]
関連キーワード: egmt, BadPower, Charger, USBCharger, Tencent, XuanwuLab, Mobile, vulnerability, Attack, QuickCharge, Security, news, gear