BadPower: This fast-charging hack can set your smartphone on fire

We’ve all heard the myth that smartphones can spontaneously catch on fire, which is why many choose not to charge their smartphones by their bedsides at night. Regardless of whether that is true or not (it’s not, to my knowledge), a new hack has been discovered that could bring those terrifying nightmares to life. According to a new report from Tencent-owned Xuanwu Labs, the BadPower hack tricks fast charging power bricks into setting a connected smartphone on fire.

It must be noted that only fast charge power adapters are seemingly affected by the hack—which is still worrying, given the increasing amount of fast chargers in the market today. The report doesn’t specifically point towards any particular brands or phones, although 35 power bricks from various manufacturers were tested.

Wait, so how does BadPower work?

The BadPower hack works by corrupting the charging adapter’s firmware, which is then tricked into pushing too much electricity that might be over the phone’s rated maximum input. This then leads to a buildup in heat, which then leads to melted components—and yes, phones literally catching on fire.

While there are a variety of fast charging protocols from various manufacturers nowadays, the basic principle is the same. The power brick and accompanying smartphone, when connected, perform a “handshake” of sorts to determine the speeds that the smartphone can handle. This is the very reason why it is still considered safe to connect a smartphone that can only handle regular charging speeds like 10W to a power adapter that can theoretically charge at up to 30W.

However, when the firmware is hacked, the power brick can be manipulated into damaging phones that are connected. Unlike many security vulnerabilities today, BadPower doesn’t actually compromise your privacy—but phones catching on fire are certainly equally dangerous.

So, how do you avoid the BadPower hack?

Fortunately, it appears that a BadPower attack can only be initiated in person. This means that a special device—usually disguised as a smartphone—must be connected to the charger to initiate the corrupted firmware. Additionally, attackers can also connect an infected smartphone of their own to a power adapter, which then corrupts its firmware.

According to the report, there are 234 fast charging devices in the market today, although only 35 were tested during the study. More than half of these chargers were found to be vulnerable to BadPower, with 18 models from 8 different tech brands at risk.

The fix to the issue? It’s pretty simple: upgrade the firmware of your power brick. However, not every charging adapter supports firmware updates—which means that those adapters are as good as gone, basically.

To protect power adapters in the future, researchers are also advising manufacturers to ad technical requirements for safety verification for firmware updates. Other safeguards such as an overvoltage protection circuit are advised, along with chip fuses for non-fast charging.

To read the full report (in Chinese), click here.

[ SOURCE ]