The newly discovered BadPower vulnerability lets an attacker compromise a smartphone by corrupting popular fast-charging technology.
Chinese researchers first discovered the BadPower vulnerability. The security researchers found that it attacks smartphones by exploiting vulnerabilities in fast-charging technologies.
Unlike most smartphone vulnerabilities, which exploit software, BadPower attacks the hardware side. The hack is capable of corrupting the target device’s firmware. It can render the target device completely unusable, and the device can even explode.
New fast-charging vulnerability
Fast-charging technologies have become popular in recent years. As the name suggests, the technology allows smartphones to recharge in an extremely short amount of time.
The technology employs basic electrical concepts to fully charge a smartphone in the least amount of time. In a standard fast-charging scenario, the higher the voltage and wattage are, the faster it will charge. This is an extremely efficient feature, especially for those who are constantly on the go.
As with almost every new technology, fast charging has its own set of vulnerabilities. However, it took quite some time for these vulnerabilities to be discovered. This is probably the first fast-charging vulnerability to be discovered.
The BadPower hack can alter the firmware data of some fast chargers. The exact extent of the vulnerability is still unknown, and no major brand has been tied to it so far.
The hack works by corrupting the firmware. It confuses the firmware and the chipset in setting what voltage the charger sends. It is important to note that some fast chargers can send 20 volts, while some smartphones only support 5V.
This is an extremely dangerous scenario, given that it attacks the hardware side of the smartphone. Overloading the charging voltage of some smartphones may cause them to explode.
Cause for alarm
The researchers said that they used a special device to carry out the hack. The device disguises itself as a smartphone and corrupts the charger’s firmware. Once the payload is delivered, it can affect almost any device that uses fast charging, including smartphones and laptops.
What makes BadPower worrisome is the physical harm it could cause to users. While most malware only affects hardware user data, this new vulnerability can effectively injure users. As of this writing, no attack that utilizes the vulnerability has been recorded.
To counter the BadPower vulnerability, the researchers have several suggestions. They suggest that manufacturers add extra fuses to their fast chargers. Using fast chargers from recognized brands is also a good option.