Sometimes, the perpetrators’ intent is to ” destroy the real world through digital tools ” – that is the warning of Chinese tech giant Tencent. Researchers from the company have uncovered a series of new holes in the inside of many fast chargers sold throughout the world.
When you connect the device to a fast charger with a USB cable, a connection between the charger and the device will be established, a “negotiation” process will take place to introduce the most powerful current device it has. can withstand it safely. This “negotiation” process is managed between the firmware on the device and the firmware on the charger, and everything will have nothing to say if both operate according to their function.
But Tencent researchers have proven that an interfered charger could overwrite this “negotiation” process, introducing a device with a capacity greater than a safe level, resulting in is destroyed and there is a risk of fire or explosion.
Because fast chargers are basically a smart device, they can be completely interfered with by bad guys. Attacking a fast charger is very simple. With malware loaded into a smartphone, an attacker simply needs to connect to the charger, overwrite its firmware, and turn it into a weapon aimed at whatever plugs into it afterwards.
An interesting twist here is that malware can be plugged into the device the hacker wants to destroy. That is, the attacker drops malicious code on your phone. The next time you connect your phone to a damaged charger, the phone will overwrite its firmware. And the next time you connect the same charger to charge your phone again, the phone will cook.
Tencent has built a demo video showing how a charger can be tampered with and then used to overload the device, you can see here .
Tencent calls this vulnerability ” BadPower ” and warns that “every badPower-infected product can be attacked with special hardware, and a large number of them can also be attacked by early devices.” common endpoints like mobile phones, tablets, and laptops that support the fast charging protocol “.
The researchers identified 234 fast-charging bulbs on the market and tested 35 of them. As a result, they found that ” at least 18 chargers had a BadPower problem, coming from eight different brands .” Of those 18 charging devices, 11 are vulnerable to a simple attack through another device that also supports fast charging protocols, such as mobile phones.
An image taken from a Tencent video showed the device on fire
According to the researchers, even though the risk might be for devices that are designed for fast charging, devices that are not compatible with fast charging pose an even greater risk. It is advisable not to plug basic 5 volt devices into fast chargers with USB to USB-C cables.
The team at Tencent’s Xuanwu Lab reported the issue to the China National Vulnerable Database (CNVD) and will work with affected manufacturers to come up with solutions to limit the risk. . Clearly, in the face of such a serious problem, stricter standards are needed.
So is this a problem you should really worry about? It depends. There is a bigger problem here, and safety solutions are yet to be rolled out on a large scale. This means that chargers you buy from the internet – there’s no way to know which ones are vulnerable – can damage your device or worse. Obviously, the safest way to do this is to use chargers from well-known manufacturers for whatever product you use at home.
Another problem: in the past, we have been repeatedly warned to limit the use of chargers in public places or chargers borrowed from others. The potential risk is data theft, when you use a data cable to charge the device and don’t know the exact origin of the charger. There are quite a lot of data cables that have been interfered with for this purpose, hiding a wireless connection within them.
The advice – be careful when connecting a smart device to a smart cable that can do more than just charge – in the two cases above are exactly the same.
In addition to technical factors, this issue can be considered as another urgent warning in the context of the booming IoT field, in which we buy, plug, and connect a series of devices with together. Our homes and offices are not short of technology, and while we worry about the safety of computers, phones, and tablets, we are forgetting about kitchen appliances and accessories. smart home, or toys bought online from markets that we probably have never heard of before.
We are surrounded by countless tiny computers, many of which are connected to your home Wi-Fi network and open a path to the outside world. Of course, all the problems you face are all about data and security. This report from Tencent reveals that there are other dangers lurking out there, emerging from the very problems we already know.
Reference: Forbes