Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...
Hackers Can Now Trick USB Chargers To Destroy Your Devices—This Is How It Works:
Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.
[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.
Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.
The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.
Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.
Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."
(Score: 5, Insightful) by Mojibake Tengu on Monday July 20 2020, @07:02PM (16 children)
You shall not entrust a critical fixpoint of physically engineered structure to software.
Because, doing thusly, it is not a fix point anymore.
The sooner the experts understand this simple mathematical commandment the quicker our civilization could return to normal progress.
Keep ignoring, and you will suffer.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 1) by fustakrakich on Monday July 20 2020, @07:13PM (8 children)
> You shall not entrust a critical fixpoint of physically engineered structure to software.
There are places you shouldn't even trust a diode or a relay. You wanna be at the actual switch/valve.
Politics and criminals are the same thing..
(Score: 3, Touché) by Bot on Monday July 20 2020, @07:27PM (5 children)
Can we still say "switch" or the trannies get offended?
Account abandoned.
(Score: 5, Funny) by fustakrakich on Monday July 20 2020, @07:34PM (4 children)
Then just cut the wire with a pair of dikes...
Politics and criminals are the same thing..
(Score: 2) by Bot on Monday July 20 2020, @07:38PM (3 children)
Uh oh I am afraid the term "Just", subliminally reminding people of "Justice", can be used only if your skin's luma value is in the lower 75%. Do you qualify?
As for the dikes, is there anything a pair of dikes cannot achieve eventually?
Account abandoned.
(Score: 2) by DECbot on Monday July 20 2020, @09:21PM
Stretching wire. Generally, I need to use the wire stretchers after too liberal applications of dikes.
cats~$ sudo chown -R us /home/base
(Score: 0) by Anonymous Coward on Monday July 20 2020, @09:44PM (1 child)
> can be used only if your skin's luma value is in the lower 75%
For some reason the world hates pastels
> is there anything a pair of dikes cannot achieve eventually?
Have a baby? With no outside assistance?
(Score: 2) by Bot on Wednesday July 22 2020, @01:09PM
If you can't have a baby, make friends with social services until they let you steal one. EZ
Account abandoned.
(Score: 4, Interesting) by Mojibake Tengu on Monday July 20 2020, @09:09PM (1 child)
You can actually create a completely static construction diodic device in many physical domains:
https://en.wikipedia.org/wiki/Tesla_valve
This is the kind of engineering I trust.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2) by Bot on Wednesday July 22 2020, @01:10PM
Yeah, if there is one way to show genius, it is in this kind of invention.
Account abandoned.
(Score: 0) by Anonymous Coward on Monday July 20 2020, @07:28PM (4 children)
> You shall not entrust a critical fixpoint of physically engineered structure to software.
Sounds important in your odd flowery English, but (if I understand you correctly), all you are saying is: critical systems shouldn't depend on software.
Depending on what we determine to be "critical", we are far, far past this point. I mean, it's unfortunate if the little battery in your phone goes pop and burns up the sofa where you left it charging--if you are lucky the smoke detector in the room will give you enough warning to solve the problem with minimum damage. It's another thing when the descendants of Stuxnet destroy large facilities.
(Score: 2) by maxwell demon on Monday July 20 2020, @09:02PM (3 children)
If you are unlucky, the smoke detector also got hacked, and refuses to alert you of the problem.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by MostCynical on Monday July 20 2020, @09:58PM
You didn't pay the extra subscription for the AlertTone(tm), did you?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Informative) by coolgopher on Tuesday July 21 2020, @12:11PM (1 child)
No, the fancy IoT smoke alarm stopped working when the company went bust and took down their cloud...
(Score: 2) by Bot on Wednesday July 22 2020, @01:16PM
Kind of a holy grail of cloud computing. You take down one cloud, fire ensues, another cloud forms automatically.
Account abandoned.
(Score: 3, Interesting) by Common Joe on Tuesday July 21 2020, @09:03AM (1 child)
Heh.
Some of these supposed experts took 10 years to figure out that maybe perhaps having two control panels isn't the brightest of ideas. And they figured out they should ignore years of research so that they can make buttons not look like buttons in a UI. And that installing firmware without a physical switch to explicitly allow an update is also a great idea. (In the old days, we used jumpers, but a switch would work just fine.) And, of course, the internet of things is a great idea when there isn't a plan to push security updates. And we should use hackable, non-verifiable electronic voting machines instead of paper ballots. And that writing the majority of our important software on a house of cards is also the right direction to go in (i.e., web development which uses dozens or even hundreds of 3rd party apps / APIs).
Quite frankly, I'm amazed technology still works at all.
What I'm trying to say is, don't hold your breath on this USB thing. People will have to die before they wise up. Which, interestingly enough, might happen in this circumstance, but it will still take time. And once you get your wish, don't expect experts to become actual experts. They'll fix just that one problem because money (lawsuits) was involved.
(Score: 3, Interesting) by Bot on Tuesday July 21 2020, @12:16PM
> And we should use hackable, non-verifiable electronic voting machines instead of paper ballots
Methinks that the system foists upon us shitty electronic voting machines to make sure we prefer paper ballots. This way true, alias direct, democracy stays unattainable.
Account abandoned.