SoylentNews is people
SoylentNews
Another cyber warning has been issued about the risk from compromised chargers—but this time data theft is not the issue...
Hackers Can Now Trick Usb Chargers To Destroy Your Devices—This Is How It Works:
Not all cyber attacks focus on data theft. Sometimes the intent is "to achieve destruction of the physical world through digital means," Chinese tech giant Tencent warns. The company's researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.
[...] Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.
Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.
The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to [recharge] your device, your phone will be overloaded.
Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.
Tencent have dubbed this issue "BadPower," and warn that "all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol."
(Score: 3, Interesting) by Common Joe on Tuesday July 21 2020, @09:03AM (1 child)
Heh.
Some of these supposed experts took 10 years to figure out that maybe perhaps having two control panels isn't the brightest of ideas. And they figured out they should ignore years of research so that they can make buttons not look like buttons in a UI. And that installing firmware without a physical switch to explicitly allow an update it is also a great idea. (In the old days, we used jumpers, but a switch would work just fine.) And, of course, the internet of things is a great idea when there isn't a plan to push security updates. And we should use hackable, non-verifiable electronic voting machines instead of paper ballots. And that writing the majority of our important software on a house of cards is also the right direction to go in (i.e., web development which uses dozens or even hundreds of 3rd party apps / APIs)
Quite frankly, I'm amazed technology still works at all.
What I'm trying to say is, don't hold your breath on this USB thing. People will have to die before they wise up. Which, interestingly enough, might happen in this circumstance, but it will still take time. And once you get your wish, don't expect experts to become actual experts. They'll fix just that one problem because money (law suits) was involved.
(Score: 3, Interesting) by Bot on Tuesday July 21 2020, @12:16PM
>And we should use hackable, non-verifiable electronic voting machines instead of paper ballots
Me thinks that the system foists upon us shitty electronic voting machines to make sure we prefer paper ballots. This way true, alias direct, democracy stays unattainable.
Account abandoned.