Notebookcheck Logo

BadPower can melt or set your phone on fire

The effects of a BadPower attack on a vulnerable device (Source: Tencent Security Xuanwu Lab)
The effects of a BadPower attack on a vulnerable device (Source: Tencent Security Xuanwu Lab)
Chinese security researchers discovered that the firmware of fast chargers can be corrupted to deliver higher charging parameters, thus damaging the devices connected to them. A charger affected by a BadPower attack can melt or even set on fire the handset/external battery it is supposed to charge.

Firmware upgrades can often solve various problems of multiple devices and can add post-release features and capabilities to them. Unfortunately, being able to alter the way a certain device works via firmware upgrades is also a vulnerability that can be exploited by malevolent parties. Now, it looks like multiple fast chargers can be modified to damage the devices they get connected to.

According to the researchers from Tencent's Xuanwu Lab, the firmware of many fast chargers can be easily corrupted to make them damage the connected devices. The named the exploit of this vulnerability BadPower. The amount of damage depends on a few elements, but it's enough to say that it can range from overheating to melting and being set ablaze. 

The problem with this attack is that there are no warning signs and the owners of the chargers affected by it usually find out what is happening when it is already too late. The attack code can be loaded on smartphones and laptops and, for some of the fast charger models vulnerable to BadPower, the attacker needs no special hardware or software.

When testing this attack method against existing fast chargers, the Tencent team managed to successfully corrupt 18 models from 8 vendors out of the 35 models tested. Sadly, they did not reveal any names, but the good part is that most problems that can be generated by BadPower can be fixed by — obviously — updating the device firmware.

Since this vulnerability appears to have been discovered before any mass attack took place, its impact will probably be minor. Tencent's lab has already notified the affected vendors about their findings and everything should be fixed as soon as possible. However, the video below shows the rather terrifying results that a successful BadPower attack can have.

Source(s)

Read all 3 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
Codrut Nistor, 2020-07-20 (Update: 2020-07-20)