Security researchers at a Chinese lab called Xuanwu Lab, a research unit of the tech giant Tencent, said they are able to corrupt the firmware of fast chargers. This hack causes damage such as melting components or even setting charging devices on fire. Yikes!
They call this technique BadPower and described it in great detail in a report published by the lab last week. According to the report, BadPower corrupts the firmware of fast chargers (a new type of charger that has been around for the past few years to reduce charging times). Fast chargers look like any other charger, but they use special software (firmware) to determine whether a device supports fast charging. The firmware then delivers the necessary amount of voltage to the charging device (such as a mobile phone).
BadPower alters these charging parameters to deliver more voltage than the device can handle. As a result, the components in the device are degraded and damaged as they heat up, bend, melt, or burn. The BadPower attack is silent and requires no interaction from the attacker. It is also very fast, as the attacker only needs to connect their attack device to the fast charger, wait a few seconds, and quickly leave.
Out of the 35 fast chargers tested, the researchers found 18 (from 8 manufacturers) to be vulnerable to the attack. The Tencent researchers picked the 35 chargers from the 234 models available on the market. They noted that most of the BadPower problems can be fixed by updating the device firmware, but not all fast chargers have firmware update capability.
The researchers notified all of the affected manufacturers about their findings to speed up development and resolution. They also provided suggestions on how to fix the BadPower problems: hardening firmware to prevent unauthorized modifications and deploying overload protection.
There is also a video demo of the attack on the website. It is worth a watch.