New Hack Tricks Fast Chargers Into Destroying Devices
Researchers at a Chinese security lab have uncovered a dangerous security vulnerability that allows malicious users to hack fast chargers and cause irreparable damage to any device that is plugged into them, Android Central reports.
Fast chargers feature their own microprocessor and firmware, which include simple lines of code that tell the charger what to do. So as to make sure the device being charged gets the right amount of power, the microprocessor and firmware receive information from said device.
Tencent Security Labs has discovered a way to overwrite the firmware through the USB port present on 18 out of 35 different fast charger models, Futurism writes.
The 'BadPower' exploit
Worryingly, the security research team based in China found out they could modify the firmware using an exploit called "BadPower," which would cause the power brick to send far too high a voltage to the device hooked up to the charger — this could destroy the device and even cause a fire, the researchers say.
In order to demonstrate their findings, the Tencent researchers released a demo video in which they set a phone on fire.
Tencent has advised that people avoid sharing fast chargers outside of people's circle of trust and that they only accept updates from the manufacturer of their fast charger. The company has also reached out to manufacturers and advised them to disable the ability to edit the firmware of fast chargers.
No known cases of malicious use
Thankfully, while it's important to stay safe in the face of malicious users, this isn't a cause for widespread panic. There are currently no known reports of fast chargers being tinkered with in this way in order to tank devices.
Perhaps more important than the vulnerability itself is the fact that fast charging has been shown to be damaging to lithium-ion batteries used for electric vehicles. In any case, Tencent says it has contacted the companies making the vulnerable chargers and the company hasn't released any information that would show hackers how to act on the "BadPower" exploit.