Recently, Chinese researchers have discovered rather a queer way to literally ‘destroy’ your smartphone through the mobile charger. This attack is known as the BadPower Attack can meltdown your smartphone through malicious codes tampering with the mobile charger.
Cyber attacks are evolving with time and the change in their attack landscape is huge. Earlier, cyber-attacks were bound to computer systems connected to the internet. Then they expanded their sprawl to other devices, smart devices like smartwatches, virtual assistants, IoT gadgetry, routers, printers, CCTV cameras and every gadget which is connected to a network.
With incredible advancements in the mobile industry, various gadgets are introduced to make life easier. With increased dependency on mobile phones and laptops, the need for fast chargers and power banks has also soared. As a result, now almost every device is supporting fast charging.
The latest attack called the BadPower Attack was discovered by the Xuanwu Lab, which is a research unit of Chinese technology giant Tencent. Researchers said that they can alter the firmware of the charger of the smartphones forcing the fast chargers to deliver high-power to the mobiles. This can cause serious damage to the mobile phone, rendering them non-functional or may set them on fire, melting internal circuitry.
The attack focuses on fast chargers, stands and cables. And it is not bound to only smartphones rather it affects laptops and other devices which support fast charging.
How fast charging works?
Fast charging has become a hot spot in the mobile industry. Today’s fast chargers can deliver a maximum voltage of 20V and a power of 100W. Both Android and iPhone devices support fast charging.
Early chargers use the USB interface to charge devices which can take hours. But with the introduction of fast charging technology, devices are charged with an 8x reduced time.
The fast chargers use a power supply terminal, the charging cable and the power receiving terminal. When the supply and receiving terminals are connected through the cable, power negotiation takes place between the device and the charger.
This happens with the help of negotiation communication, power is to be negotiated by both parties. And then the power supply end will supply this negotiated power to the receiving terminal.
Unlike early chargers, fast chargers have a firmware encoded in the management chip. These set of instructions help in establishing negotiation communication between the supply and receiving terminals. This enables fast chargers to provide a range of output 5V, 10V, 20V and even more depending upon the input.
If the fast-charging feature is not supported at the receiving terminal, the charger delivers the standard 5V output to the device.
The firmware which is used to transmit data between the device and the charger is not secure. Researchers say that hackers can tamper with the charger by rewriting the code in the built-in firmware of the fast charger. This means that a device capable of receiving only 5V charge can be forced to take four times as much, resulting in a damaged device.
Researchers said that BadPower is a silent attack, there no prompts or interactions with the user.
The attack is carried out with the attacker getting hold of the fast charger, feed in the malicious code and leave.
Furthermore, many chargers don’t even need special equipment to tamper with the firmware. Hackers can simply load smartphones and laptops with the code. And as soon as the users connect their devices with the chargers, the code alters the firmware and the charger will execute power overload for any subsequently connected devices. A demo video depicts the attack.
Researchers tested 35 chargers from 234 models available in the market. They found that 18 models from 8 vendors were vulnerable to this attack.
According to the report of Tencent, most of the fast chargers provide a firmware update option. This means this attack won’t stay around always.
The research team analysed 34 charging chips, based on which fast charging chargers are built. Amongst which 18 chip vendors don’t ship chips with a firmware update option.
Though BadPower attack doesn’t affect the privacy of the victim nor does it tamper with the software of the device, it can cause physical damage to the mobile phone and even to you.
Perform a strict verification to the process of the updating of the firmware of the fast chargers
Also don’t give your charger, power banks etc to others.
Refrain using chargers at coffee shops and other public devices.
Always plug-in the compatible chargers with your mobile phones.
The foremost point to be taken into consideration is to keep the mobile idle while charging. Fast charging devices gets heated up and working on them can overload the device.
Ayush Dubey is an engineering student from IIIT Jabalpur. He has a comprehensive background in technology. Cybersecurity being his primary field of interest. He loves to meet people who are always in a hustle to learn new things.
BlARROW is a unilingual, electronic, free-content site which composes write-ups on issues concerning online security and architecture technology. It is run helpfully by content scholars who write on a broad scope of subjects. Anyone with access to the internet connection and an ache to gain some new useful knowledge can get to these articles. Aside from this, they additionally give Udemy coupons, Appstore Games, and applications, all for free.
So, in case one is curious to learn something new, gain widespread knowledge without drawing a hole in the pocket.