Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...
Hackers Can Now Trick Usb Chargers To Destroy Your Devices—This Is How It Works:
Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.
[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.
Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.
The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.
Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.
Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."
(Score: 0) by Anonymous Coward on Monday July 20 2020, @07:28PM (4 children)
> You shall not entrust a critical fixpoint of physically engineered structure to software.
Sounds important in your odd flowery English, but (if I understand you correctly), all you are saying is: critical systems shouldn't depend on software.
Depending on what we determine to be "critical", we are far, far past this point. I mean, it's unfortunate if the little battery in your phone goes pop and burns up the sofa where you left it charging--if you are lucky the smoke detector in the room will give you enough warning to solve the problem with minimum damage. It's another thing when the descendants of Stuxnet destroy large facilities.
(Score: 2) by maxwell demon on Monday July 20 2020, @09:02PM (3 children)
If you are unlucky, the smoke detector also got hacked, and refuses to alert you of the problem.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by MostCynical on Monday July 20 2020, @09:58PM
you didn't pay the extra subscription for the AlertTone(tm), did you?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Informative) by coolgopher on Tuesday July 21 2020, @12:11PM (1 child)
No, the fancy IoT smoke alarm stopped working when the company went bust and took down their cloud...
(Score: 2) by Bot on Wednesday July 22 2020, @01:16PM
Kind of a holy grail of cloud computing. You take down one cloud, fire ensues, another cloud forms automatically.
Account abandoned.