BadPower: Fast chargers can be modified to damage mobile devices

If you needed another reason not to use a charger made available at a coffeeshop or airport or by an acquaintance, here it is: maliciously modified fast chargers may damage your phone, tablet or laptop and set it on fire.

Researchers from Tencent‘s Xuanwu Lab have demonstrated how some fast chargers may be easily and quickly modified to deliver too much power at once and effectively “overwhelm” digital devices:

How is this possible?

As out use of digital mobile devices increased, so did the need to be able to charge them quickly. Fast chargers and power banks are not a rarity anymore, and most digital devices now support fast charging.

The charging operation is performed after the power supply terminal and the power receiving device negotiate and agree on the amount of power both parties can support.

The set of programs that complete the power negotiation and control the charging process is usually stored in the firmware of the fast charge management chip at the power supply terminal and the power receiver terminal, the researchers explained.

Unfortunately, that code can be rewritten by malicious actors because “some manufacturers have designed interfaces that can read and write built-in firmware in the data channel, but they have not performed effective security verification of the read and write behavior, or there are problems in the verification process, or the implementation of the fast charge protocol has some memory corruption problems.”

Even worse: the attack (dubbed BadPower) can be performed in a way that will not raise any suspicion: the attacker may rewrite the firmware by simply connecting a mobile device loaded with attack code to the charger.

Users’ mobile devices can also be implanted with malware with BadPower attack capabilities and be the infection agent for every fast charger that is connected to it.

Possible solutions

Tencent’s researchers tested 35 of the 234 fast charging devices currently available on the market, and found that at least 18 of them (by 8 different brands) are susceptible to BadPower attacks.

They also discovered that at least 18 fast-charging chip manufacturers produce chips with the ability to update firmware after the product is built.

End users are advised to keep their devices safe by not giving their own fast charger and power bank to others and by not using those belonging to other people or establishments.

Ultimately, though, this is a problem that has to be solved by the manufacturers.

They should make sure that fast chargers’ firmware is without common software vulnerabilities and make sure that firmware can’t be modified without authorization.

“At the same time, we also suggest adding technical requirements for safety verification during firmware update to the relevant national standards for fast charging technology,” the researchers added.

“It is recommended to add components such as chip fuses to non-fast charging and receiving equipment powered by the USB interface, or an overvoltage protection circuit that can withstand at least 20V. It is recommended that powered devices that support fast charging continue to check the input voltage and current after power negotiation to confirm that they meet the negotiated range.”