SoylentNews is people
SoylentNews
Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...
Hackers Can Now Trick Usb Chargers To Destroy Your Devices—This Is How It Works:
Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.
[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.
Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.
The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.
Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.
Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."
(Score: 2) by DannyB on Tuesday July 21 2020, @01:35PM (2 children)
This was one of the problems of the Raspberry Pi 4. It has a USB-C charge port. But its designers seemed to have the quaint idea that it should only be 5V and not negotiate for more. Just like programmers don't negotiate for more.
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Tuesday July 21 2020, @02:01PM (1 child)
I remember reading somewhere about a phone that always overheated when charged in the car. Turned out that the cheap car charger (lighter socket-->USB) was supplying nominal 12VDC (possibly more, since cars often run up to 14+ volts when running). So either that dollar-store-car-charger had no 5 volt regulator inside, or the regulator failed leaving the full input voltage available at the USB end.
While I haven't read anything about other charger failures, it seems possible that mains voltage (115AC in USA) could also make it through to the USB connectors if a home charger failed...
Prudent device design should protect for both these cases?
(Score: 2) by DannyB on Tuesday July 21 2020, @05:34PM
We are potentially talking about considerable amounts of power.
A USB-C laptop charger can provide up to 100 W. A USB-C phone charger up to 15 W.
You CAN actually use the laptop charger on a phone, and phone charger on a laptop.
The phone simply charges fast. The laptop warns that it is charging slowly.
My wife and I plan to only buy USB-C laptop chargers in the future because they're almost as cheap as phone chargers.
A Raspberry PI design assumes more power is delivered by more current rather than higher voltage. By negotiating higher voltage, you don't need thicker USB-C cables to charge a laptop.
The lower I set my standards the more accomplishments I have.