Last week, a paper published by Xuanwu Lab (a Chinese research unit of the tech giant Tencent) described a new technique for targeted attacks on devices. The technique is called BadPower. It allows attackers to modify the firmware of fast chargers so that they deliver extra voltage, which can melt parts of the attached (charging) devices or even set them on fire.
Fast chargers have become popular over the past few years thanks to their ability to “communicate” with a connected device and adjust the charging speed according to its capabilities, which shortens charging times. They look similar to a normal charger but use special firmware to speed up charging by providing 12V, 20V or even higher voltages if the device allows for it. When fast charging is not supported, the fast charger provides the regular 5V.
According to the researchers, the BadPower attack works by corrupting the firmware of the fast charger so that it can cause a power overload that damages the connected equipment. The BadPower method allows attackers to change the normal charging parameters so that the charger generates more voltage than the receiving device can handle, causing its components to heat up, melt and even catch fire.
The attack with BadPower is quick and invisible
The researchers explain that the BadPower method of attack is invisible, as it does not need any prompts or interactions from the attacker’s side. It is also quick, since the attacker just has to attach their attacking rig to the fast charger, wait a few seconds and simply vanish, leaving the firmware modified.
In fact, the attacker doesn’t even require any special equipment for certain fast charger models. Moreover, the attack code could be silently loaded on standard smartphones and laptops. This malicious code can modify the fast charger’s firmware as soon as the user attaches the compromised mobile or laptop to it. From then on, the charger can execute a power overload for any devices that it gets attached to in the future.
After testing 35 fast chargers, the researchers found that the damaging effects of the BadPower attack differ depending on the model of the fast charger and its charging capacity, as well as on the charged device’s protections. The results from the controlled verification of the BadPower attack show that 18 of the fast charger models selected for testing are vulnerable to this type of attack.
The positive news, according to the Tencent team, is that most issues with BadPower can be fixed by device firmware upgrades. Unfortunately, according to the research results, of the 34 fast-charging chips that were analyzed, 18 did not come with a firmware update option. This means that, on some fast chargers, there is no way to update the firmware.
In an effort to promote the creation and implementation of applicable protection standards to guard against potential BadPower attacks, the Tencent researchers said that they have informed all concerned vendors of vulnerable fast chargers of their findings, as well as the Chinese National Vulnerability Database (CNNVD).
Some of the suggestions for addressing the BadPower issue involve hardening firmware so that it blocks unintended modifications, as well as installing power overload protection on charged devices. A demo video of the BadPower attack can be found on Tencent’s report page.
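The device-side power overload protection suggested above can be sketched as follows. This is an added example, not code from the Xuanwu Lab paper or from any vendor: the charged device compares the measured input voltage with the voltage it actually negotiated (5V when no fast charging was agreed) and cuts its input when the charger delivers more. All names and threshold values are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed values for illustration; real limits come from the device's hardware design. */
#define DEFAULT_MV   5000u  /* expected voltage when no fast charging was negotiated */
#define MARGIN_PCT   10u    /* tolerated overshoot above the negotiated voltage */
#define TRIP_SAMPLES 3u     /* consecutive bad samples before disconnecting */

typedef struct {
    uint32_t negotiated_mv; /* voltage the device agreed to accept */
    uint32_t abs_max_mv;    /* hard limit of the device's input stage */
    uint32_t over_count;    /* consecutive over-limit samples seen */
    bool     input_enabled; /* state of the input load switch */
    bool     latched_fault; /* stays set until the guard is re-initialised */
} ovp_guard;

void ovp_init(ovp_guard *g, uint32_t abs_max_mv) {
    g->negotiated_mv = DEFAULT_MV;
    g->abs_max_mv = abs_max_mv;
    g->over_count = 0;
    g->input_enabled = true;
    g->latched_fault = false;
}

/* Record a completed negotiation; refuse anything above the hardware limit. */
bool ovp_set_contract(ovp_guard *g, uint32_t mv) {
    if (mv > g->abs_max_mv) return false;
    g->negotiated_mv = mv;
    g->over_count = 0;
    return true;
}

static uint32_t ovp_limit_mv(const ovp_guard *g) {
    uint32_t limit = g->negotiated_mv + g->negotiated_mv * MARGIN_PCT / 100u;
    return limit < g->abs_max_mv ? limit : g->abs_max_mv;
}

/* Feed one measured input-voltage sample; returns whether the input stays enabled. */
bool ovp_sample(ovp_guard *g, uint32_t measured_mv) {
    if (g->latched_fault) return false;
    if (measured_mv > g->abs_max_mv) g->over_count = TRIP_SAMPLES; /* trip at once */
    else if (measured_mv > ovp_limit_mv(g)) g->over_count++;
    else g->over_count = 0;                  /* a good sample clears the counter */
    if (g->over_count >= TRIP_SAMPLES) {
        g->input_enabled = false;            /* open the load switch and latch */
        g->latched_fault = true;
    }
    return g->input_enabled;
}
```

The guard trusts only its own measurement and its own record of the negotiation, so it keeps working even when the charger's firmware has been modified.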