Chinese security researchers from Tencent's Xuanwu Lab said they can corrupt the firmware of fast chargers to cause damage to the items they charge.
The BadPower exploit alters the default charging setting to deliver more voltage than the receiving device can manage; the technique needs no prompts or interactions, and the attacker only has to connect an attack rig to the fast charger, wait a few seconds, then leave, having corrupted the firmware.
When the user connects their infected device to the fast charger, the malware modifies the charger's firmware, and the charger will overload any subsequently linked devices, melting or even setting them on fire.
The Tencent team found that although updating device firmware can eliminate the BadPower vulnerability, this option is lacking in many fast-charging chips.
The researchers alerted all affected vendors and the Chinese National Vulnerabilities Database, suggesting tougher firmware safeguards and deployment of overload protection to charged devices.
From "BadPower Attack Corrupts Fast Chargers to Melt or Set Your Device on Fire"
ZDNet (07/20/20) Catalin Cimpanu
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA