Chinese security researchers have developed an attack technique that could have serious consequences for smartphones and their owners. Using specially designed mobile malware, they managed to manipulate the firmware of a quick charger so that it generates higher charging currents than intended. The excessively high voltages can overheat components in the charger and in the smartphone, or even set a device on fire.
The researchers, from Xuanwu Lab, a research department of the technology group Tencent, named the technique BadPower. In contrast to conventional chargers, quick chargers are controlled by firmware. The firmware communicates with the connected smartphone or tablet to find out whether the device can be charged with the standard value of 5 volts, with 12 or 20 volts, or with an even higher voltage.
BadPower changes the preset charging parameters so that the connected device receives more power than it can tolerate. This damages its charging components: they overheat, causing them to deform or even melt. In the worst case, they ignite and set the device on fire.
The user cannot recognize an attack with this technique, since mobile operating systems do not provide dialogs for excessive charging currents. An attacker can manipulate a charger either directly, using special hardware, or, at least with some charger types, through the connected smartphone or laptop. In that case, connecting to a charger activates the malicious code, which changes the firmware of the charger and then ensures that the charging current is too high.
The researchers tested a total of 35 quick chargers. Of these, 18 devices from 8 different manufacturers were susceptible to BadPower. According to the researchers, a BadPower attack can be prevented on many chargers via a firmware update.
However, this is exactly where a problem arises: although the researchers were able to manipulate the firmware of certain chargers, an official option for firmware updates is available for only 18 out of 34 quick-charging chips. With some of these chips, it is not possible to fix errors in the firmware afterwards.
The researchers have since informed the manufacturers concerned about their findings. The findings have also been registered in the Chinese National Vulnerabilities Database (CNVD) in order to put pressure on the providers to remedy the vulnerabilities. The researchers propose introducing protective measures against unauthorized changes to the firmware and equipping devices that are to be charged with overcharge protection.