Today, in this article, we will cover how to hack a phone charger.
Introduction
We live in an age where malware targets smartphones and other Internet of Things (IoT) devices. This is not a desirable situation, but unfortunately it is happening more often and in a more destructive way.
Of course, criminals keep looking for other ways to carry out attacks, choosing different paths and landscapes. More recently, the focus has been on chargers that can attack a smartphone until it melts or burns.
Introduction to the “bad power” attack
Security researchers have recently managed to compromise a large number of chargers, using malicious code to make them deliver more voltage than the connected device can handle. With this approach, the overloaded components inside the affected electronics sparked, sputtered and melted.
The attack is known as bad power. It works by changing the default parameters in the fast charger firmware.
Let’s understand a little about how fast chargers work. A fast charger may look like a regular charger, but it has special firmware. The charger’s firmware can communicate with the connected device and determine the charging speed based on the device’s capabilities – remember that each device has its own features and charging speed.
In this sense, if the target device does not support the fast charging function, the fast charger supplies standard power – 5V. On the other hand, if the device accepts larger charging inputs, the charger can use 12V, 20V or even higher voltages. This is the key point that a bad power attack exploits.
This is where a bad power attack comes in: it tampers with the firmware of the charger. The exploit changes the default charging parameters in the firmware and manipulates the charger into pushing a higher voltage than the charging device can handle. This abnormal behavior damages and degrades components of the receiving device, resulting in a complete burnout in dramatic scenarios.
Bad power attack by numbers
Tencent’s research team tested the bad power attack on 35 fast chargers out of 234 models available on the market. According to the article, 18 models from 8 different vendors were affected by this bug.
The worst-case scenario occurs with some chargers from specific vendors. The bad power vulnerability can be patched in common chargers by updating the device’s firmware, but the researchers said 18 chip manufacturers did not build their chips with the ability to update the firmware. In this case, there is no way to fix the vulnerability in these devices.
From this point of view, this bug is considered a critical problem without a quick and effective solution. Many people have three or four chargers at home and are probably vulnerable right now.
Be careful with your device
One of the special things about this attack is that anyone can carry it out, and that it is deadly and silent. One step is all it takes to destroy any device: connect it to the right fast charger. In the worst-case scenario, an attack can damage a device in seconds.
According to the researchers, “with some fast chargers, attackers don’t even need hardware. They can load the attack code and modify the firmware on the target smartphone or laptop. When a victim plugs their infected smartphone or laptop into a fast charger, the device can catch fire.”
The exploitation of physical and hardware flaws should be considered a common and serious problem these days. While bad power can be devastating if the target device is connected to the right charger, the damage caused by this attack will vary depending on the fast charger model, the mobile device and the malware protection in place.
The researchers did not release the names of the vulnerable products, but specific vendors were contacted. China’s National Vulnerability Database has also been contacted about the potential issue.
To mitigate and reduce the risks of this attack, it is suggested that manufacturers add additional fuses to devices that support fast charging at a lower voltage. Another suggestion is to harden the firmware to prevent tampering, as well as to deploy overload protection on the devices being charged.
Users should be warned about the risks of using third-party chargers or power banks, for example in cyberspace, at the airport, while shopping, etc.
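The overload protection suggested above, sketched as an added example (not code from the researchers or from any vendor): the charged device remembers the voltage it agreed to and cuts its input when the measured bus voltage stays above that level. All names, thresholds and readings are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Every name, threshold and reading below is an assumption made for this sketch. */
#define DEFAULT_MV    5000u  /* standard power when fast charging is not agreed */
#define TOLERANCE_PCT 10u    /* margin allowed above the agreed voltage */
#define TRIP_SAMPLES  2u     /* consecutive bad readings before cutting input */

typedef struct {
    uint32_t device_max_mv;  /* highest input voltage the device tolerates */
    uint32_t agreed_mv;      /* voltage the device agreed to with the charger */
    uint32_t bad_samples;    /* consecutive readings above the limit */
    bool     input_enabled;  /* state of the input switch; latches off */
} sink_guard;

void guard_init(sink_guard *g, uint32_t device_max_mv) {
    *g = (sink_guard){device_max_mv, DEFAULT_MV, 0u, true};
}

/* Accept an offered level only if the device supports it, else stay at 5 V. */
uint32_t guard_negotiate(sink_guard *g, uint32_t offered_mv) {
    g->agreed_mv = (offered_mv <= g->device_max_mv) ? offered_mv : DEFAULT_MV;
    return g->agreed_mv;
}

/* Check one measured bus reading; returns false once the input is cut. */
bool guard_sample(sink_guard *g, uint32_t measured_mv) {
    uint32_t limit_mv = g->agreed_mv * (100u + TOLERANCE_PCT) / 100u;
    g->bad_samples = (measured_mv > limit_mv) ? g->bad_samples + 1u : 0u;
    if (g->bad_samples >= TRIP_SAMPLES) g->input_enabled = false;
    return g->input_enabled;
}

/* Replay readings; returns the index where input was cut, or -1 if never. */
int guard_replay(sink_guard *g, const uint32_t *mv, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!guard_sample(g, mv[i])) return (int)i;
    return -1;
}

int main(void) {
    const uint32_t tampered[] = {5000, 5100, 20000, 20000, 5000}; /* constructed */
    sink_guard g;
    guard_init(&g, 9000);
    printf("agreed %u mV\n", (unsigned)guard_negotiate(&g, 20000));
    printf("input cut at sample %d\n", guard_replay(&g, tampered, 5));
    return 0;
}
```

Requiring two consecutive bad readings lets a single transient spike pass, while a charger that keeps pushing a voltage the device never agreed to is disconnected and stays disconnected.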