SoylentNews is people

posted by martyb on Monday July 20 2020, @06:49PM
from the Phones-do-not-come-with-a-fuse? dept.

Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...

Hackers Can Now Trick USB Chargers To Destroy Your Devices—This Is How It Works:

Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.

[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.

Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.

The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.

Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.

Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."
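
A sink-side check against the overvoltage described above, as an added example that is not from the article or from Tencent's research: device firmware compares each measured VBUS sample with the voltage it negotiated and latches the input off when the charger exceeds it. The struct, the function names, the 5% tolerance and the two-sample debounce are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define TOLERANCE_PCT   5u  /* assumed allowed overshoot above the contract */
#define STRIKES_TO_TRIP 2u  /* assumed debounce: consecutive bad samples */

/* Hypothetical sink-side guard state (all names are illustrative). */
typedef struct {
    uint32_t contract_mv;  /* voltage this device negotiated for */
    uint32_t abs_max_mv;   /* rating of the input stage, never to be exceeded */
    uint8_t  strikes;      /* consecutive samples above the contract limit */
    bool     latched_off;  /* set once the input switch has been opened */
} vbus_guard_t;

static uint32_t guard_limit_mv(const vbus_guard_t *g) {
    uint32_t limit = g->contract_mv + g->contract_mv * TOLERANCE_PCT / 100u;
    return limit < g->abs_max_mv ? limit : g->abs_max_mv;
}

/* Feed one measured VBUS sample (mV); returns true while input may stay on. */
bool guard_sample(vbus_guard_t *g, uint32_t measured_mv) {
    if (g->latched_off)
        return false;                      /* stays off until replug */
    if (measured_mv > g->abs_max_mv) {
        g->latched_off = true;             /* no debounce above the rating */
    } else if (measured_mv > guard_limit_mv(g)) {
        if (++g->strikes >= STRIKES_TO_TRIP)
            g->latched_off = true;         /* sustained breach of contract */
    } else {
        g->strikes = 0;                    /* transient cleared */
    }
    return !g->latched_off;
}

/* Replay a trace; returns the index of the sample that tripped, or -1. */
int guard_run(vbus_guard_t *g, const uint32_t *mv, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!guard_sample(g, mv[i]))
            return (int)i;
    return -1;
}

int main(void) {
    /* Constructed trace: 12 V contract, charger later delivers 24 V. */
    const uint32_t trace[] = {12050, 12700, 12100, 24000};
    vbus_guard_t g = {12000, 21000, 0, false};
    return guard_run(&g, trace, 4) == 3 ? 0 : 1;
}
```

Firmware like this only reacts after a sample has been taken, so it complements hardware overvoltage protection on the input rather than replacing it.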

 
  • (Score: 4, Interesting) by coolgopher on Tuesday July 21 2020, @01:00AM (6 children)

    by coolgopher (1157) on Tuesday July 21 2020, @01:00AM (#1024363)

    I really don't see how this can be a thing. You do not "push" power. The current is drawn, by the device. And any device with a lithium battery will have a dedicated charging IC to vary how much juice is allowed into the battery at any given time (proper lithium battery charging is Not Simple(tm)). None of the devices we've produced at work have ever had a programmable charging chip, and even if they had been it would've been the height of folly to expose the programming interface to the USB lines. The way the article is written it sounds like the charger is presenting itself as a USB host or device so you can then talk to it using regular USB. That sounds like an insane design. But even then, you don't push power.

    That then leaves the 20V mode of USB-C, which has to be negotiated for (in theory). And for that to be harmful we'd have to be talking about devices without overvoltage protection on the charge circuit. Which again would be insane. You don't trust your inputs. Put a polyfuse there ffs (or something better if you're wanting those 20V).

    The amount of fail that would have to be going on for this to be a thing seems staggering, unless I've missed something. Do feel free to enlighten me.

    Disclaimer: I'm not an EE, I'm just good at creating inadvertent ground loops.

  • (Score: 0) by Anonymous Coward on Tuesday July 21 2020, @02:14AM

    by Anonymous Coward on Tuesday July 21 2020, @02:14AM (#1024406)

    This would work by doing something like this:

    Device asks for 12v - send 24v instead.

    Device asks for 20v - send 40v instead.

    etc....

    What this is pointing out is that the devices do not have sufficient charge port protection to disconnect from the voltage source when the wrong voltage is applied. The designers have gone and created the smoking hardware variant of the software "bad data received, formatting hard drive" bug.

    Do not trust the other device to behave as requested, and build your charge port inputs under the assumption that the device on the other end might misbehave, and you won't have this problem.

  • (Score: 2) by shortscreen on Tuesday July 21 2020, @03:45AM (3 children)

    by shortscreen (2252) on Tuesday July 21 2020, @03:45AM (#1024437) Journal

    So USB is not limited to 5V anymore? That explains everything. It does more than explain it, it makes this outcome inevitable. The headline could have just said "Some Geniuses Decided USB Ports Should Be Able to Output 20 Volts" and I could have inferred all the rest without any TFA or TFS.

    • (Score: 2) by DannyB on Tuesday July 21 2020, @01:35PM (2 children)

      by DannyB (5839) Subscriber Badge on Tuesday July 21 2020, @01:35PM (#1024564) Journal

      This was one of the problems of the Raspberry Pi 4. It has a USB-C charge port. But its designers seemed to have the quaint idea that it should only be 5V and not negotiate for more. Just like programmers don't negotiate for more.

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 0) by Anonymous Coward on Tuesday July 21 2020, @02:01PM (1 child)

        by Anonymous Coward on Tuesday July 21 2020, @02:01PM (#1024572)

        I remember reading somewhere about a phone that always overheated when charged in the car. Turned out that the cheap car charger (lighter socket-->USB) was supplying nominal 12VDC (possibly more, since cars often run up to 14+ volts when running). So either that dollar-store-car-charger had no 5 volt regulator inside, or the regulator failed leaving the full input voltage available at the USB end.

        While I haven't read anything about other charger failures, it seems possible that mains voltage (115AC in USA) could also make it through to the USB connectors if a home charger failed...

        Prudent device design should protect for both these cases?

        • (Score: 2) by DannyB on Tuesday July 21 2020, @05:34PM

          by DannyB (5839) Subscriber Badge on Tuesday July 21 2020, @05:34PM (#1024666) Journal

          We are potentially talking about considerable amounts of power.

          A USB-C laptop charger can provide up to 100 W. A USB-C phone charger up to 15 W.

          You CAN actually use the laptop charger on a phone, and phone charger on a laptop.

          The phone simply charges fast. The laptop warns that it is charging slowly.

          My wife and I plan to only buy USB-C laptop chargers in the future because they're almost as cheap as phone chargers.

          A Raspberry Pi design assumes more power is delivered by more current rather than higher voltage. By negotiating higher voltage, you don't need thicker USB-C cables to charge a laptop.

          --
          The lower I set my standards the more accomplishments I have.
  • (Score: 0) by Anonymous Coward on Tuesday July 21 2020, @04:37AM

    by Anonymous Coward on Tuesday July 21 2020, @04:37AM (#1024452)

    Based on that reasoning incandescent lights wouldn't exist. As somebody that accidentally melted a tape player casing, the draw has little influence over that, the power has to go somewhere. Give something too much power and something has to come of the amps and volts.