BadPower Attack Can Trick Power Bricks into Starting a Fire

In a study published by Xuanwu Labs (which is owned by Chinese tech giant Tencent), researchers detailed the BadPower hack which works by manipulating the firmware inside fast charge power adapters.

Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can be sent to the phone without damaging the device—the more juice the power adapter can send, the faster it can charge the phone.

However, by hacking the fast charging firmware built into a power adapter, Xuanwu Labs demonstrated that bad actors could potentially manipulate the power brick into sending more electricity than a phone can handle, thereby overheating the phone, melting internal components, or as Xuanwu Labs discovered, setting the device on fire.

Here’s a photo captured by researchers at Xuanwu showing what a charging brick infected with BadPower can do to a connected device.
Here’s a photo captured by researchers at Xuanwu showing what a charging brick infected with BadPower can do to a connected device.
Photo: Xuanwu Labs (Other)

After confirming the results of the research, Xuanwu labs decided to test BadPower by loading it onto 35 different power bricks (out of 234 available models currently on sale) and discovered that 18 of those chargers (made by eight different vendors) were susceptible to the attack.

To make matters worse, if BadPower is used to hack a power brick, there would be no external signs or easy ways of detecting that the device had been tampered with. Fortunately, for now, it will require the bad actor to have physical access to the power adapter. The researchers at Xuanwu claimed hacking a power adapter was as simple as connecting it to a portable, custom-designed rig that can upload malicious code to the power brick in a just a few seconds. And in some cases, the researchers were able to upload BadPower just by connecting a power adapter to an infected phone or laptop.

Source: BadPower Attack Can Trick Power Bricks into Starting a Fire