A Chinese security lab has discovered a new security threat in which attackers target a fast charger's firmware and modify it so that the charger damages any device plugged into it. According to researchers from the Tencent Security Labs, that damage could include components popping and burning, leading to severe and often irreversible harm to the device.
Attackers Could Use Fast Chargers to Cause Damage
Android Central, which reported the new exploit first, broke down what happens when you use a fast charger and how attackers could use it to cause harm.
According to the news outlet, the charger and your device communicate when a fast-charging technology is in use, exchanging information such as how much battery charge is left, the voltage applied to the charging circuit within the device, and the temperature.
It turns out that these fast-charging technologies have their own microprocessor and firmware that collect and handle all the information acquired from your device.
The report noted that the firmware is not exactly a full-blown OS, but basic code that developers write to the charger's memory.
Some of these fast chargers can also have their firmware updated through the USB cable that you plug your device into, and that is how attackers could exploit the technology: they could alter the charger's firmware through another device.
How the Exploit Happens
By altering the firmware, attackers could make the fast charger send too much voltage to your device, frying it from the inside.
Tencent tested 35 fast charger models from various manufacturers and found that 18 models from eight different manufacturers were vulnerable.
They were able to get the results by overwriting the firmware of the models they tested using an exploit known as "BadPower," according to Futurism.
The security lab has even published a demo video in which a device burned up after a BadPower exploit had been injected into the fast charger it was using, showing how severe the damage from this security vulnerability could be.
However, Tencent did not name any manufacturers that have made vulnerable equipment, so if you're using a fast charger, it's better to assume that it could be vulnerable to such an exploit and never lend it to strangers.
Phones Could Turn Into BadPower Machines
Besides attacking a fast charger's firmware, it is also possible for a device to turn into a BadPower machine, which would send bad firmware to any charger it is plugged into.
According to Tencent, there are a couple of ways fast-charging manufacturers could avoid this vulnerability: they could make the fast charger accept only updates signed by the company that wrote the original firmware, or they could stop fast chargers from accepting updates altogether.
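The two mitigations Tencent describes, sketched as an added example (not code from Tencent or any charger vendor): a hypothetical charger bootloader flashes an image only if its signature verifies against a vendor public key stored in the charger, or refuses updates entirely. To run on the Python standard library alone it uses a Lamport one-time hash-based signature; the `Charger` class and all names are assumptions, and a shipping product would use a standard scheme such as Ed25519 or ECDSA.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(image: bytes):
    return [(byte >> (7 - i)) & 1 for byte in H(image) for i in range(8)]

def keygen():
    # Vendor side: one-time key pair. The secret key never leaves the vendor.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, image: bytes):
    # Vendor side: reveal one secret per digest bit. One key signs one image only.
    return [sk[i][b] for i, b in enumerate(digest_bits(image))]

def verify(pk, image: bytes, sig) -> bool:
    # Charger side: needs only the public key stored at manufacture.
    if not isinstance(sig, list) or len(sig) != 256:
        return False
    return all(isinstance(s, bytes) and H(s) == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, digest_bits(image))))

class Charger:
    # Hypothetical bootloader model; names are assumptions, not a real product API.
    def __init__(self, vendor_pk, firmware: bytes, updates_enabled: bool = True):
        self.vendor_pk, self.firmware = vendor_pk, firmware
        self.updates_enabled = updates_enabled

    def update(self, image: bytes, sig) -> str:
        if not self.updates_enabled:                # mitigation 2: no updates at all
            return "rejected: updates disabled"
        if not verify(self.vendor_pk, image, sig):  # mitigation 1: vendor-signed only
            return "rejected: bad or missing signature"
        self.firmware = image                       # flash only after verification
        return "flashed"

def demo():
    sk, pk = keygen()
    good, altered = b"vendor image v2 (constructed)", b"altered image (constructed)"
    sig = sign(sk, good)
    charger = Charger(pk, b"vendor image v1")
    locked = Charger(pk, b"vendor image v1", updates_enabled=False)
    results = [charger.update(altered, None), charger.update(altered, sig),
               charger.update(good, sig), locked.update(good, sig)]
    return results, charger.firmware, locked.firmware
```

Calling `demo()` shows an unsigned image and an image paired with another image's signature both being refused, the vendor-signed image being flashed, and the update-disabled charger keeping its original firmware.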
There is no reason to panic as there have been no reports of attacks targeting fast chargers with such an exploit, but since it could possibly happen, the security lab reminds everyone to be careful with their devices and never let anyone use them, especially strangers.