Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

BadPower can melt or set your phone on fire

The effects of a BadPower attack on a vulnerable device (Source: Tencent Security Xuanwu Lab)
The effects of a BadPower attack on a vulnerable device (Source: Tencent Security Xuanwu Lab)
Chinese security researchers discovered that the firmware of fast chargers can be corrupted to deliver higher charging parameters, thus damaging the devices connected to them. A charger affected by a BadPower attack can melt or even set on fire the handset/external battery it is supposed to charge.
Codrut Nistor, 🇫🇷
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Firmware upgrades can often solve various problems of multiple devices and can add post-release features and capabilities to them. Unfortunately, being able to alter the way a certain device works via firmware upgrades is also a vulnerability that can be exploited by malevolent parties. Now, it looks like multiple fast chargers can be modified to damage the devices they get connected to.

According to the researchers from Tencent's Xuanwu Lab, the firmware of many fast chargers can be easily corrupted to make them damage the connected devices. The named the exploit of this vulnerability BadPower. The amount of damage depends on a few elements, but it's enough to say that it can range from overheating to melting and being set ablaze. 

The problem with this attack is that there are no warning signs and the owners of the chargers affected by it usually find out what is happening when it is already too late. The attack code can be loaded on smartphones and laptops and, for some of the fast charger models vulnerable to BadPower, the attacker needs no special hardware or software.

When testing this attack method against existing fast chargers, the Tencent team managed to successfully corrupt 18 models from 8 vendors out of the 35 models tested. Sadly, they did not reveal any names, but the good part is that most problems that can be generated by BadPower can be fixed by — obviously — updating the device firmware.

Since this vulnerability appears to have been discovered before any mass attack took place, its impact will probably be minor. Tencent's lab has already notified the affected vendors about their findings and everything should be fixed as soon as possible. However, the video below shows the rather terrifying results that a successful BadPower attack can have.

Source(s)

Read all 3 comments / answer
static version load dynamic
Loading Comments
Comment on this article
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Codrut Nistor
Codrut Nistor - Senior Tech Writer - 5435 articles published on Notebookcheck since 2013
In my early school days, I hated writing and having to make up stories. A decade later, I started to enjoy it. Since then, I published a few offline articles and then I moved to the online space, where I contributed to major websites that are still present online as of 2021 such as Softpedia, Brothersoft, Download3000, but I also wrote for multiple blogs that have disappeared over the years. I've been riding with the Notebookcheck crew since 2013 and I am not planning to leave it anytime soon. In love with good mechanical keyboards, vinyl and tape sound, but also smartphones, streaming services, and digital art.
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2020 07 > BadPower can melt or set your phone on fire
Codrut Nistor, 2020-07-20 (Update: 2020-07-20)