A Chinese security firm has uncovered a new exploit that can interact with the firmware used by fast chargers, allowing nefarious attackers to change essential data and damage any devices that are connected to them.
While at first sight, this may not seem to be a serious threat as smartphones have built-in safety features, a corrupted charger could send too much power, leading to melted components that could start to burn and lead to a fire. Only a limited number of chargers seem to be affected by the issue at this point.
Attacking the firmware
Any devices that are compatible with fast charging allow the charger to communicate with them. When a smartphone is plugged into a smart charger, the latter will gain access to important information about the current battery charge, temperature, and the voltage that is used by the device.
Fast Charges can perform this action because they are fitted with a miniature processor and firmware that collect information through the charging cable. The firmware is limited as it, not a complete OS, but it relies on code to function properly.
Out of 35 fast chargers that were tested by the security company, 18 can upgrade their firmware when a smartphone is connected. The researchers created a backdoor that allowed them to alter the firmware via a smartphone or a different device, loading malicious code in the fast charger with ease.
Once the payload was secured, when someone tries to connect a device to the fast charger, the additional voltage could be pushed, wrecking the device. The company did not name the manufacturers who manufactured vulnerable fast chargers. It is also possible that the attacker could use the fast charger to inject a BadPower exploit into the device, which can then spread the malware to any fast chargers that are connected to it
It is advised to not share cables or fast chargers to prevent potential risks.