BadPower Attack Can Burn A Device By Hacking Fast-Charging Devices

While fast charging helps you use your device without charging breaks, it can potentially harm your device too. The feature isn’t dangerous in itself. Rather, an attack strategy dubbed BadPower may exploit it, causing your device to burn.

BadPower Attack Exploiting Fast-Charging

Researchers from Tencent Security Xuanwu Lab have devised an attack exploiting fast chargers. Dubbed BadPower, the attack may exploit the feature to deliver excessively high voltage to connected devices, causing them to burn.

Sharing the details in a blog post, the researchers explained that a potential attacker may hack a fast charger and rewrite its firmware code to change the voltage delivered.

While most chargers deliver 5V power as a standard, the attack may cause them to deliver up to 20V. This excessive voltage may damage the hardware of the power-receiving equipment, even triggering a burn.

Such a manipulated voltage change may also be accompanied by a miscommunication between the charger and the connected equipment. While the hacked charger may communicate a 5V power transmission, it would in effect deliver a higher voltage.

To conduct the attack, an attacker may simply hack the charger’s firmware by connecting a special device to it that mimics a phone. Then, whenever any device is connected to the hacked charger, it would be damaged due to power overload.

In their study, the researchers tested 35 of the 234 fast-charging devices available on the market. Of these 35, they found 18, belonging to 8 different brands, vulnerable to BadPower. Of these 18, 11 chargers could fall prey to BadPower when attacked through digital terminals.

The researchers have shared the details of the exploit and a PoC video in their post.

Possible Mitigations

According to the researchers, most brands may address this problem by updating the charger’s firmware.

For the future, vendors may consider including the following checks in their chargers’ design:

  • Verification of the device connected to the USB port before accepting a firmware change, or removing this feature entirely
  • Assessing the firmware code for any known vulnerabilities

Besides, for general users, the researchers advise not sharing chargers and power banks with others. Also, they suggest not using fast-charging alternatives to charge devices that do not support fast charging, because such devices may not have better protection against power overload.
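As an added illustration (not code from the researchers or any vendor), the sketch below shows a receiving-side check for the mismatch described above: the device compares the measured bus voltage with the voltage the charger communicated and cuts its input when the two diverge. The 10% tolerance, the three-sample debounce, the 6000 mV input rating and the `vbus_guard` names are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Illustrative assumptions, not figures from the BadPower research. */
#define SOFT_TOLERANCE_PCT 10 /* overshoot allowed above the negotiated level */
#define TRIP_SAMPLES 3        /* consecutive soft violations before cut-off */
typedef struct {
    uint32_t soft_limit_mv; /* negotiated voltage plus tolerance */
    uint32_t hard_limit_mv; /* absolute rating of the input stage */
    unsigned bad_run;       /* consecutive samples above the soft limit */
    bool tripped;           /* latched until the cable is replugged */
} vbus_guard;

void vbus_guard_init(vbus_guard *g, uint32_t negotiated_mv, uint32_t abs_max_mv) {
    g->soft_limit_mv = negotiated_mv + negotiated_mv * SOFT_TOLERANCE_PCT / 100;
    g->hard_limit_mv = abs_max_mv;
    g->bad_run = 0;
    g->tripped = false;
}

/* Feed one measured bus-voltage sample; true means the input must be cut. */
bool vbus_guard_sample(vbus_guard *g, uint32_t measured_mv) {
    if (g->tripped) return true;
    if (measured_mv > g->hard_limit_mv) {
        g->tripped = true; /* no debounce: the hardware is at risk now */
    } else if (measured_mv > g->soft_limit_mv) {
        if (++g->bad_run >= TRIP_SAMPLES)
            g->tripped = true; /* sustained mismatch with what was communicated */
    } else {
        g->bad_run = 0; /* brief transient, back within the agreed level */
    }
    return g->tripped;
}

/* Index of the sample that tripped the guard, or -1 if none did. */
int vbus_guard_scan(vbus_guard *g, const uint32_t *mv, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (vbus_guard_sample(g, mv[i]))
            return (int)i;
    return -1;
}

int main(void) {
    /* Constructed trace: charger communicated 5 V, then the bus jumps to 20 V. */
    const uint32_t trace[] = {5020, 5100, 5600, 5050, 20000, 20000};
    vbus_guard g;
    vbus_guard_init(&g, 5000, 6000); /* 6000 mV rating is hypothetical */
    printf("tripped at sample %d\n", vbus_guard_scan(&g, trace, 6));
}
```

A software check like this only complements a hardware over-voltage cut-off, since a sampling loop may react too slowly to a sudden jump.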
