It is quite ironical that a tool that’s suppose to save charging time now exposes users to hackers’ threat. A Tencent report revealed recently that a group of researchers discovered some safety defects in fast-charging products, a phenomenon called ‘BadPower’.
This implies that hackers can now hijack some products that support fast charging and access the powered device in order to cause physical damage due to excessively high voltage — either to cause a complete explosion, or destruction of an important hardware which renders the device useless.
This is possible because the malware introduced by the hackers into the product overrides its capacity to restrict more charges beyond the level of voltage permitted.
It will interest you to know that most new devices like phones, PC, tablets, notebooks all have the fast-charging technology. But then, BadPower has nothing to do with invading your privacy.
According to the report, there’s usually a signal between the power-generating source and the power-receiving port and the firmware inside a normal-functioning fast-charging product. This is meant to ensure that only the required charge is absorbed.
But when corrupted, the firmware’s communication is altered, hence, nothing to regulate the voltage.
A trigger is needed from the phone/device
The report stated that a BadPower attack can happen in two ways: using a corrupted device to infiltrate a charger’s firmware first before connecting it to the targeted device(s), or exploiting the vulnerability of a charger through a malware installed on the powered device.
What is clear in either case is that a device has to be responsible to trigger the BadPower feature in the charger.
Touseef Gul, a Pakistani Penetration Tester, explains that this fault could have only resulted from a misconfiguration of these chargers, because it is impossible for a hacker to interact remotely with a flaw in a charger.
And this was also confirmed by the researchers involved in the report.
Unfortunately, a lot of misconfigured chargers with this defect are reportedly out in the market. Out of 34 tested chargers, 18 has such fault; and this includes 8 brands.
Likewise, it was discovered that the chip in some chargers activates this fault by default after the production process is complete.
“Xuanwu Lab investigated 34 fast-charging chip manufacturers and found that at least 18 chip manufacturers produce chips that can update firmware after finished products,” the report stated.
How to protect your devices
The report described how users can protect themselves by updating the device’s firmware which will also prevent other software vulnerabilities.
Also, it explicitly stated that users should not easily give their chargers, power banks, etc. to others.
At the same time, it recommended not to use Type-C to other USB interface cables which allows the fast charging device to supply power to powered devices that do not support fast charging.
While device manufacturers continue to devise means to help prolong phone usage time, there’s no telling that vulnerabilities like this will continue to put users at risk.
If this is anything like the introduction of longlasting lithium-sulfur batteries — which are reportedly at the risk of explosion — it is expected that manufacturers will get the BadPower concern under control before more users are put at risk of device explosion.
Jan. 25: New Built in Africa episode – Selar: End-to-end eCommerce platform for Africa’s passion economy
On March 25, 2021, Techpoint Africa will be hosting the brightest minds in decentralised finance/crypto at the Digital Currency Summit tagged “Building the money of the future” Click here for more details, registration and sponsorship. Location: Fourpoint by Sheraton, V.I. Lagos.