author: Bart Swiatek
Hackers can Attack a Quick Charger to Burn Your Phone
Experts from the Chinese company Xuanwu Lab have discovered a dangerous security gap that allows the quick charger to be hacked and consequently used to melt or ignite the device connected to it.
IN A NUTSHELL:
- The BadPower attack affects the chargers and allows the device connected to them to overheat;
- The gap was detected in as many as 18 out of 35 models that were tested.
Cyber-security experts from the Chinese company Xuanwu Lab (part of the well-known Tencent) have reported that they are able to influence the software of quick chargers to force them to "overload" the connected smartphone (via ZDNet). The device melts and in some cases even ignites (this depends on both the charger model and the device being charged).
The cyber-attack technique in question was called BadPower. The charger can be hacked in secret (there are no messages to click through) and really fast. In many cases, no additional equipment is required - just connect the phone to the device you want to influence for a few seconds. When the malicious code is uploaded, the hacker can leave the room and then he only has to wait for the trap set to be sprung (the description of the attack suggests that it can only be done on the spot, having direct contact with the charger). The report published by Xuanwu Lab is accompanied by a video showing how the hack works.
Experts tested 35 fast chargers and as many as 18 of them (from eight different manufacturers) were vulnerable to BadPower attack. No information was given about the specifications and brands of the tested devices (this may be a deliberate action to limit the spread of the attack). In 11 cases the attack could have been committed using a regular smartphone.
The gap can be eliminated by updating the software, but another problem arises - a large part of the chips used in quick chargers (18 out of 34 chips of this type) does not allow for updateing firmware. Researchers informed all manufacturers about their findings.