Fast charging tech is the new trend companies are keen on adding to their devices and people keener to use them. Companies have started banking high on faster-charging speeds going up to 125W (Oppo just introduced one), making life all-the-more easier for us. However, this technology is also prone to vulnerabilities that can harm your smartphones and burn them. Read on to know what is it.
BadPower fast charger flaw can burn your smartphone
Security researchers at Tencent's Xuanwu Lab have found a flaw in fast chargers. The vulnerability, called BadPower can change the firmware of fast chargers, which can damage the connected (charging) systems by either melting their components or setting the devices on fire. The devices can include smartphones, laptops, and more products.
Before we tell you how BadPower attack works, you should know a fast charger is an ordinary-looking one but includes a special firmware. The firmware can 'speak' to the connected device and decide on a charging speed on the basis of the device's capabilities. For devices that don't support fast charging, the fast charger delivers the standard 5V of electricity. If the device can handle more charging speeds, the fast charger can provide 12V, 20V, and more speeds.
Now, the BadPower flaw attacks the firmware of the fast chargers by modifying the set charging speed parameters. This modification forces the chargers to deliver higher voltage than the devices can take, which causes damage to the device' components by melting, heating, or burning them.
The research report suggests that the Tencent team tested 35 fast chargers from 234 models, out of which, 18 were found vulnerable. What's surprising is that the BadPower attack is a silent one and can quickly impact the device without any process or prompt. The attacker just needs to attach the attack rig to the fast charger, which can be done in seconds. In some cases, the attackers don't even need any equipment for the same. They can just load the attack code to alter the firmware and when the device is connected to the charger, it will burst into flames.
As a reminder, the BadPower attack is different for different fast chargers and their charging capabilities. While the flaw can be avoided with a firmware update, the researchers have found that 18 chip vendors didn't provide the firmware update option.
The Tencent team has informed the vendors about the same to come up with a solution to remain safe from such attacks.