Some fast-charging USB products can now expose your phones to hackers

July 22, 2020

It is quite ironic that a tool that's supposed to save charging time now exposes users to threats from hackers. A Tencent report recently revealed that a group of researchers discovered safety defects in some fast-charging products, a phenomenon called 'BadPower'.

This implies that hackers can now hijack some products that support fast charging and access the powered device in order to cause physical damage through excessively high voltage, resulting either in a complete explosion or in the destruction of important hardware, which renders the device useless.

This is possible because the malware the hackers introduce into the product overrides its ability to keep the voltage within the permitted level.

It will interest you to know that most new devices, such as phones, PCs, tablets and notebooks, have fast-charging technology. BadPower, however, has nothing to do with invading your privacy.


According to the report, in a normally functioning fast-charging product there is usually signalling between the power-supplying source, the power-receiving port and the product's firmware. This is meant to ensure that only the required charge is absorbed.

But when the firmware is corrupted, its communication is altered, so nothing is left to regulate the voltage.

A trigger is needed from the phone/device

The report stated that a BadPower attack can happen in two ways: using a corrupted device to infiltrate a charger's firmware before the charger is connected to the targeted device(s), or exploiting the vulnerability of a charger through malware installed on the powered device.

What is clear in either case is that a device is needed to trigger the BadPower feature in the charger.

Touseef Gul, a Pakistani penetration tester, explains that this fault could have only resulted from a misconfiguration of these chargers, because it is impossible for a hacker to interact remotely with a flaw in a charger.


And this was also confirmed by the researchers involved in the report.

Unfortunately, a lot of misconfigured chargers with this defect are reportedly on the market. Out of 34 tested chargers, 18 have this fault, and this includes 8 brands.

Likewise, it was discovered that the chip in some chargers activates this fault by default after the production process is complete.

"Xuanwu Lab investigated 34 fast-charging chip manufacturers and found that at least 18 chip manufacturers produce chips that can update firmware after finished products," the report stated.

How to protect your devices

The report described how users can protect themselves by updating the device's firmware, which will also prevent other software vulnerabilities.

It also explicitly stated that users should not readily give their chargers, power banks, etc. to others.

At the same time, it recommended not using cables that convert Type-C to other USB interfaces, which allow a fast-charging device to supply power to powered devices that do not support fast charging.

While device manufacturers continue to devise means to help prolong phone usage time, there's no telling whether vulnerabilities like this will continue to put users at risk.

If this is anything like the introduction of long-lasting lithium-sulfur batteries -- which are reportedly at risk of explosion -- it is expected that manufacturers will get the BadPower concern under control before more users are put at risk of device explosion.

Human enthusiast | Writer | Senior reporter | Podcaster. Find me on Twitter @Nifemeah.