Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
"BadPower" Vulnerability
Quote:Security researchers spend a lot of time poking and prodding the software on the myriad smart devices that dominate our lives, but what about the plugs that recharge them? Modern fast chargers are essentially tiny computers, and a team of Chinese researchers has now shown it’s relatively simple to target the charger with an attack called BadPower. It can make your device overheat, smoke, and possibly even catch fire.

Until the last few years, the cables we used to keep our phones, tablets, and other devices running would deliver just a couple watts of power no matter what you plugged in. So, if you forgot to charge your phone overnight, it was impossible to get a full charge before it was time to head out the door. Modern fast charging systems can ramp up the voltage and current to get more power into your battery in a shorter amount of time, getting you hours of battery life in just a few minutes of charging. The chargers need their own tiny electronic brain to make that happen, and this is the target for BadPower.

The researchers from Tencent’s Xuanwu Lab showed that a smartphone could transmit BadPower to chargers, where it can modify the embedded firmware. Just plugging in a device with BadPower can scramble a fast charging plug and turn it into a phone-killing fire hazard.
Xuanwu Lab tested 35 fast chargers of the 234 models available in China. The team found that 18 models from eight different vendors were vulnerable to BadPower. Security flaws are fixable on most smart devices, but chargers are barely smart, and many of them don’t have upgradeable firmware at all. Xuanwu Lab says that it tested 34 fast charging controllers and found that 18 of them lacked any firmware update mechanism.

The researchers recommend that vendors develop patches that can be deployed to upgradable plugs and included on future models. It also suggests manufacturers harden fast charger firmware to guard against attacks like this. Tencent says it notified all affected vendors, but some of these chargers are unfixable.

Forum Jump:

Users browsing this thread: 1 Guest(s)