BadPower, a new attack discovered by Tencent researchers, makes it possible to burn or melt the electronic components of devices connected to fast chargers.
Sometimes cyberattacks inflict immediate damage on the hardware they target. This is the case with BadPower, discovered by cybersecurity researchers from Xuanwu Lab, one of Tencent’s laboratories.
Their attack, spotted by ZDNet, melts or ignites the components of devices connected to fast chargers. To achieve this, they modify the firmware, a deep software layer in charge of the charger’s operation, so that it sends too much energy. The connected device cannot withstand the load and overheats to the point of physical damage.
The Xuanwu Lab tested BadPower on 35 different chargers (15% of the models available on the market). More than half of them (specifically, 18), produced by 8 different brands whose names were not disclosed, were vulnerable to the attack. The extent of the damage depends on the type of charger, but also on the protections in place on the device side.
The researchers say they have warned the manufacturers, and that updating the firmware of the fast chargers can protect against the attack. But the models still need to offer an update option…
Chargers too fast
The Tencent lab is stingy with technical details on BadPower for security reasons, but it does indicate that the attack requires physical access to the charger. One attack scenario would involve, for example, modifying a shipment of chargers before it arrives in the warehouses of an e-commerce site (such as Amazon or CDiscount). All delivered models would then be compromised and could destroy certain devices.
The researchers say that the code used to modify the firmware can be launched from a conventional computer or smartphone connected to the charger for just a few seconds. The attack then triggers on its own, without outside intervention, when the target plugs in a device.
Can a cyber attack on a charger ignite a building?
Concretely, a fast charger looks the same as a normal charger but achieves better performance thanks to its specific firmware. This firmware allows it to negotiate with the connected device to increase the charging speed, according to its capabilities. It is this negotiation that BadPower corrupts, so as to overheat the connected device.
Very fast chargers already work with smartphone models from Samsung, OnePlus or Huawei in particular, which they can recharge from 0 to 100% in just 30 minutes. The technology is therefore already very widespread and is set to become even more so. BadPower may not be of interest to cybercriminals looking for money, but it could be used in cyber warfare to damage devices, or even strategic locations, since it is capable of starting a fire.