Hack into a phone charger

See in this article how they can hack your phone charger and what damage they can do to you.

We live in an age where malware is targeting cell phones and other devices from the Internet of Things (IoT) world. This is not a desirable situation, but unfortunately, it happens more and more often and in a catastrophic way.

Of course, criminals look for different ways to exploit attacks, choosing different paths and landscapes each time. Recently, investigators found an attack on cell phone chargers that could cause the phone to melt or burn.

Introduction to the "bad charge" attack
Security investigators have managed to compromise a wide variety of malicious chargers so that they provide more voltage than the connected device could handle. Thus, this attack approach caused an overload which in turn caused a spark and eventually the burning and melting of the components inside the affected electronics.

The attack is known as bad power. It works by changing the default parameters in the firmware of a fast charger.

Photo 1: Typical fast chargers that are potentially vulnerable to this attack

Let's understand a little how fast chargers work. They may look like a regular charger, but they are made with special firmware. The firmware of such a charger can talk to the connected device to determine a charging speed based on the capabilities of the device. Remember that each device has its own characteristics and current speed.

In this sense, if the destination device does not support fast charging function, the fast charger provides the standard 5V power. On the other hand, if it accepts larger charging inputs, the charger can use 12V, 20V or even higher potential difference values, ie charging. This is the crucial point where a bad charge attack can be exploited.

Such an attack destroys the charger firmware. Exploit changes the default charging parameters in the firmware and pushes it to give a higher voltage than the charger can handle. This unusual behavior destroys and degrades the components of the camera, leading it to the dramatic scenario, to burn it completely.

The video below is a testament to the Tencent Security Lab's idea of ​​this kind of attack.

Attack of bad charge with numbers
The research team of the Tencent laboratory tested this attack on 35 fast chargers from 234 models available in the market. According to the article, 18 models from 8 different suppliers were vulnerable to this defect.

The worst case scenario is for some chargers from certain vendors. In this respect, this defect is considered a critical problem and without a quick and effective solution. Many people have three or four chargers in their homes that are most likely to be vulnerable.

Be careful with your device
One of the peculiarities of this attack is that anyone can make it deadly and silent. It only takes one simple step to destroy any device: connect it to the tampered fast charger. In the worst case scenario, the attack can destroy your device in a matter of seconds.

Photo 2: The device is damaged when connected to the "malicious" fast charger.

According to the researchers, "with some fast chargers, intruders do not even need hardware. They can load the attack code to modify the firmware on the target smartphone or laptop. "When a victim connects their infected smartphone or laptop to a fast charger, the device could become a waste of fire."

Conclusion
Exploitation of natural hardware defects should be considered as a serious problem. Although poor charging can damage the target device, the damage caused by this attack varies depending on the fast charger model and mobile device and malware protection.

The researchers did not share the names of the vulnerable products, but contacted the specific manufacturers. China National Vulnerability Database was also informed of the potential problem.

In order to mitigate and reduce the risks of this attack, manufacturers are advised to add additional fuses to devices that support fast charging. Another suggestion is to include hardening firmware to prevent unauthorized modifications, as well as to develop overload protection on devices with rechargeable batteries.

For users, they should be warned about the problems of using third-party chargers or power banks or even from public charging stations, for example, at airports, markets and so on.