BadPower can melt or set your phone on fire
Firmware upgrades can often fix problems on a wide range of devices and add features and capabilities after release. Unfortunately, being able to alter the way a device works via firmware upgrades is also a vulnerability that can be exploited by malevolent parties. Now, it looks like multiple fast chargers can be modified to damage the devices they get connected to.
According to researchers from Tencent's Xuanwu Lab, the firmware of many fast chargers can be easily corrupted to make them damage the connected devices. They named the exploit of this vulnerability BadPower. The amount of damage depends on a few elements, but it's enough to say that it can range from overheating to melting and being set ablaze.
The problem with this attack is that there are no warning signs and the owners of the chargers affected by it usually find out what is happening when it is already too late. The attack code can be loaded on smartphones and laptops and, for some of the fast charger models vulnerable to BadPower, the attacker needs no special hardware or software.
When testing this attack method against existing fast chargers, the Tencent team managed to successfully corrupt 18 models from 8 vendors out of the 35 models tested. Sadly, they did not reveal any names, but the good part is that most problems that can be generated by BadPower can be fixed by — obviously — updating the device firmware.
Since this vulnerability appears to have been discovered before any mass attack took place, its impact will probably be minor. Tencent's lab has already notified the affected vendors about their findings and everything should be fixed as soon as possible. However, the video below shows the rather terrifying results that a successful BadPower attack can have.
Source(s)
Tencent Security Xuanwu Lab (in Chinese) via ZDNet