Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

Hackers Can Now Trick USB Chargers to Destroy Your Devices

posted by martyb on Monday July 20 2020, @06:49PM   Printer-friendly
from the Phones-do-not-come-with-a-fuse? dept.

upstart writes in with an IRC submission:

Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...

Hackers Can Now Trick Usb Chargers To Destroy Your Devices—This Is How It Works:

Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.

[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.

Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.

The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.

Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.

Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."

 
This discussion has been archived. No new comments can be posted.
Hackers Can Now Trick USB Chargers to Destroy Your Devices | Log In/Create an Account | Top | 60 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday July 21 2020, @02:14AM

    by Anonymous Coward on Tuesday July 21 2020, @02:14AM (#1024406)

    This would work by doing something like this:

    Device asks for 12v - send 24v instead.

    Device asks for 20v - send 40v instead.

    etc....

    What this is pointing out is that the devices do not have sufficient charge port protection to disconnect from the voltage source when the wrong voltage is applied. The designers have gone and created the smoking hardware variant of the software "bad data received, formatting hard drive" bug.

    Do not trust the other device to behave as requested, and build your charge port inputs under the assumption that the device on the other end might miss-behave, and you won't have this problem.