Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...
Hackers Can Now Trick USB Chargers To Destroy Your Devices—This Is How It Works:
Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.
[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.
Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.
The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.
Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.
Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."
(Score: 3, Insightful) by sjames on Tuesday July 21 2020, @12:31AM (12 children)
In this case, the issue is voltage/current that the device itself can't handle at all. The demo video shows the smoke being let out of a device by the hacked charger. Really, any device that can plug in to USB-C should be able to deal with 20v even if it has to disconnect/shut down to do it. That accomplished, the on-board charge controller should be able to charge the battery safely even if the charger pegs itself at 20v.
Meanwhile, any adapter to allow a pre USB-C phone to be plugged in should absolutely limit the supply voltage to 5v or disconnect.
That would at least avoid device destroying events.
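The guard described in the comment above, sketched for the device (sink) side as an added example that is not part of the original comment or of Tencent's research. The function names, the 10% trip margin and the sample voltages are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DEFAULT_MV     5000u /* USB default before any negotiation */
#define OVP_MARGIN_PCT 10u   /* assumed trip margin, not a spec value */

typedef struct {
    uint32_t contract_mv; /* voltage this device actually requested */
    bool     path_closed; /* true: VBUS reaches the charge controller */
    bool     latched;     /* set on a trip, cleared only by re-attach */
} vbus_guard;

/* Cable attached: assume nothing beyond the 5 V default. */
void guard_attach(vbus_guard *g) {
    g->contract_mv = DEFAULT_MV;
    g->path_closed = true;
    g->latched = false;
}

/* Accept a negotiated voltage only if the hardware is rated for it. */
bool guard_set_contract(vbus_guard *g, uint32_t mv, uint32_t rated_max_mv) {
    if (g->latched || mv > rated_max_mv) return false;
    g->contract_mv = mv;
    return true;
}

/* Run on every VBUS ADC sample; returns whether the power path is closed. */
bool guard_sample(vbus_guard *g, uint32_t measured_mv) {
    uint32_t limit = g->contract_mv + g->contract_mv * OVP_MARGIN_PCT / 100u;
    if (measured_mv > limit) {   /* charger is not honouring the contract */
        g->path_closed = false;  /* open the load switch */
        g->latched = true;       /* stay open until the cable is removed */
    }
    return g->path_closed;
}

int main(void) {
    /* Constructed trace: normal 9 V charging, then the supply jumps to 20 V. */
    const uint32_t trace_mv[] = { 5050, 9100, 9200, 20000, 9000 };
    vbus_guard g;
    guard_attach(&g);
    guard_sample(&g, trace_mv[0]);
    guard_set_contract(&g, 9000, 9000); /* device rated for 9 V at most */
    for (int i = 1; i < 5; i++)
        printf("%5u mV -> %s\n", (unsigned)trace_mv[i],
               guard_sample(&g, trace_mv[i]) ? "charging" : "disconnected");
    return 0;
}
```

A firmware check like this reacts only as fast as VBUS is sampled, so it complements rather than replaces a hardware clamp and fuses.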
(Score: 2) by JoeMerchant on Tuesday July 21 2020, @01:57AM (11 children)
and unlimited current, yes, it should - but that would raise the cost of the on-board device, increase its size, weight, heat generated, all by tiny fractions that are unacceptable in the consumer electronics competitive marketplace. Shouldn't be that way, but it is.
I think the year was something like 1994 when Cypress Semiconductor sent me a "sample" USB mouse and T-shirt, touting the benefits of this brave new replacement for RS232 - all I could think at the time was: "Oh, yeah, this is gonna screw everything up."
The main feature of USB is its low per-unit cost, that comes at a pretty high price for the design of those units - and people will skimp on that design in all kinds of ways, including the potential to let the smoke out - because: as everyone who sells consumer electronics knows, when you make things that last forever, you screw yourself out of the replacements business.
🌻🌻 [google.com]
(Score: 2) by sjames on Tuesday July 21 2020, @06:02AM (10 children)
Surely a device costing near $1000 can afford a couple polyfuses and a zener diode for clamping.
(Score: 3, Interesting) by JoeMerchant on Tuesday July 21 2020, @11:49AM (8 children)
You would think so... now, make 10 million of these $1000 retail devices, which trade for $600 at wholesale, which have $200 per device spent on corporate level marketing, which already cost $150 in parts and labor to manufacture, and convince the board of directors that dropping your net profit on the $50 million R&D investment from $450 million to $440 million (by increasing the per unit cost of manufacture to $151) is a good idea.
🌻🌻 [google.com]
(Score: 2) by sjames on Tuesday July 21 2020, @07:53PM (7 children)
Sadly, it won't happen until people realize that they're paying $1000 for junk and the sales shift to support someone who does spend the extra $0.50/unit.
(Score: 2) by JoeMerchant on Tuesday July 21 2020, @08:19PM (6 children)
Yeah, you'd think that, wouldn't you?
The consumer electronics marketplace of the past 50 years has done nothing but laugh at your silly idealistic notion.
🌻🌻 [google.com]
(Score: 2) by sjames on Wednesday July 22 2020, @01:17AM (5 children)
And that's why capitalism only works when it is well regulated.
It's why phones all used to have their own special snowflake charger until the EU put its foot down.
(Score: 2) by JoeMerchant on Wednesday July 22 2020, @02:33AM (4 children)
Capitalism, as practiced on Earth, is regulated as all hell. There is no such thing as a free market anywhere in the economic foodchain above the Flea market.
🌻🌻 [google.com]
(Score: 2) by sjames on Wednesday July 22 2020, @03:09AM (3 children)
But is it WELL regulated?
(Score: 2) by JoeMerchant on Wednesday July 22 2020, @11:22AM (2 children)
According to Bezos and the other billionaires, yes, very well thank you, couldn't be better in fact.
🌻🌻 [google.com]
(Score: 2) by sjames on Thursday July 23 2020, @10:07AM (1 child)
News flash: Fox declares Henhouse security sufficient!
(Score: 2) by JoeMerchant on Thursday July 23 2020, @01:29PM
Never really highlighted in the news: the Henhouses have been 100% Fox run operations since forever. The Foxes feel that they are entitled to anything and everything produced in the Henhouses, because their ancestors paid Hens to build them, gathered all the Hens out of the countryside and crammed them into the houses, paid Hens to develop the technology to cram ever more Hens into the houses. If it wasn't for Fox money, those Hens would be free range, unproductive. Of course the Foxes deserve to make all the decisions - which is why the COVID bailout went mostly directly to the Foxes, and the choice in the coming election is between Fox1 and Fox2.
🌻🌻 [google.com]
(Score: 4, Funny) by DannyB on Tuesday July 21 2020, @01:32PM
The $1000 device can be smart enough to protect those polyfuses and the zener diode by blowing first.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.