We live in an age where malware targets smartphones and other Internet of Things (IoT) devices.
Of course, hackers look for other ways to exploit attacks, choosing different "paths". Recently, this has focused on chargers that can attack a smartphone until it melts or burns.
Introduction to the "bad power" attack
Security researchers have recently managed to compromise a wide variety of malicious chargers and provide more voltage than a connected device could handle. With this approach, the overload caused a spark, and the burning of device components.
The attack is known as bad power. It works by changing the default parameters in the charger firmware.
Figure 1: Ordinary fast chargers, potentially vulnerable to this attack
Let's understand a little how fast chargers work. It may look like a regular charger, but it is made with special hardware. The charger hardware can communicate with the connected device to determine a charging speed based on the capabilities of the device. Also remember that each device has its own characteristics and power speed.
In this sense, if the destination device does not support fast charging function, the fast charger provides the standard power - 5V. On the other hand, if it accepts larger charging inputs, the charger can use 12V, 20V or even higher charging speeds. This is the crucial point where a bad power attack can be exploited.
The bad power attack destroys the charger hardware. The operation changes the default charging parameters on the hardware and increases the voltage to a number that the charger cannot handle. This unusual behavior leads to dramatic scenarios.
The following video is a demonstration of this technique by Tencent Security Lab, in order to show us how a bad power attack destroys our device.
The Tencent research team tested the bad power attack on 35 fast chargers from 234 models available on the market. So 18 models from 8 different suppliers were vulnerable to this attack.
The worst case scenario is for some chargers from certain vendors. The power attack can be corrected on simple chargers by updating the device hardware, but the researchers said that 18 chip vendors do not have a hardware update option. In this case, there is no way to fix the vulnerability on these devices.
In this respect, the defect is considered critical and without a quick and effective solution.
Be careful with your device
One of the peculiarities of this attack is that with one simple step you can destroy any device: connect it to the right fast charger. In the worst case scenario, the attack can damage the device in just a few seconds.
Figure 2: H device is damaged when connected to a "malicious" fast charger.
According to the researchers, "with some fast chargers, intruders do not even need the hardware. They can load the attack code to modify the hardware on the target smartphone or laptop. "When a victim connects their infected smartphone or laptop to a fast charger, the device could catch fire."