Stories
Slash Boxes
Comments

SoylentNews is people

Hackers Can Now Trick USB Chargers to Destroy Your Devices

posted by martyb on Monday July 20 2020, @06:49PM   Printer-friendly
from the Phones-do-not-come-with-a-fuse? dept.

upstart writes in with an IRC submission:

Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...

Hackers Can Now Trick Usb Chargers To Destroy Your Devices—This Is How It Works:

Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.

[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.

Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.

The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.

Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.

Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."

 
This discussion has been archived. No new comments can be posted.
Hackers Can Now Trick USB Chargers to Destroy Your Devices | Log In/Create an Account | Top | 60 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: -1, Redundant) by Anonymous Coward on Tuesday July 21 2020, @03:46AM (1 child)

    by Anonymous Coward on Tuesday July 21 2020, @03:46AM (#1024438)

    This is telling me that if I buy a charger it could put more voltage than it should and hence fry my phone if there is something wrong with the charger? Or if the person selling me the charger is malicious?

    So if the chargers are bad how is this supposed to work then?

    Step 1: Malicious vendor on Amazon, Ebay, Alibaba, or even my local Fry's electronics or whatever sells chargers with the intent of frying my phone.
    Step 2: I buy charger.
    Ste 3: It fries my phone
    Step 4: I give the vendor a bad review
    Step 5: The vendor can't sell any more chargers
    ???
    Step 7: Profit!!!!
    Step 8: I sue the vendor
    Step 9: the vendor has to potentially pay money to defend himself in court and potentially lose and pay for my phone and maybe the cost of my house burning down if the phone caught fire due to his charger
    ???
    Step 11: PROFIT!!!!

    I'm just not getting this. This same thing can be said about any power adapter. If I buy a power adapter for my laptop and it puts way more voltage than what it's rated to put it could fry my laptop. Or even my shaver. If the power adapter that came with my shaver has the wrong voltage it could fry my shaver. Presumably the manufacturer of my washing machine doesn't want the thing to catch fire and burn my house down but, sure, I'm sure they can design a washing machine and dryer that can burn my house down. Sure the manufacturer of a hair dryer can design one that catches fire.

    I already know this. Presumably I buy my products from a trustworthy source that wants to maintain its trustworthiness so that it can continue to profit from my business and its good reputation. Presumably the businesses that are selling me my charger don't want to burn my house down because that's not how it's going to profit.

    So when I buy a charger I presume the vendor's intent is to make money and if their chargers are bad they will have bad reviews, they won't be able to sell their charger, and they will lose money and even potentially get sued for damages.

    I don't see how this is news.

    Starting Score:    0  points
    Moderation   -1  
       Redundant=1, Total=1
    Extra 'Redundant' Modifier   0  
    Total Score:   -1  

  • (Score: 1) by anubi on Wednesday July 22 2020, @02:20AM

    by anubi (2828) on Wednesday July 22 2020, @02:20AM (#1024836) Journal

    Business people are masters at the art of obfuscation and misdirection.

    Sue who? The unnamed group who made the thing is somewhere we can't get to and our laws do not apply.

    Whack-a-Mole. Same game as copyright violations.

    Incidentally, has anyone had experience driving a switching power converter with the output from another power converter? I can tell you some power supplies will become extremely unstable if loaded with a periodic load. I have handmade quite a few test jigs to help me ferret out this quite destructive demon that silently lies in wait until just the right frequency is applied as a load.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]