'BadPower' Hack Is An Attack That Can Physically Destroy Phones Through Chargers

Security researchers probe software on phones and computers to find vulnerabilities, but rarely do they dig inside the chargers that recharge those devices.

Modern chargers can have fast charging capability. All fast charging schemes share one common theme for more power: increasing the output.

Measured in amps (A), volts (V) and watts (W), fast chargers deliver far beyond the basic USB specification.

Besides that, fast chargers that follow the USB Power Delivery (USB-PD) specification can further improve charging speed by implementing a data protocol that lets the charger communicate with the device it is connected to.

This is possible because modern fast chargers come equipped with the necessary circuitry and software. This way, the charger can negotiate the maximum power delivery that both it and the device can tolerate, for the quickest and safest charging time.

Unfortunately, this also means that they can be vulnerable to hacks.

A team of Chinese researchers at Tencent Security’s Xuanwu Lab has found that a hack called 'BadPower' can make devices overheat, emit smoke, and possibly even catch fire or melt.

Showing how BadPower can burn a chip of a powered device. (Credit: Xuanwu Lab)

Before fast chargers came onto the market, the chargers and cables people used to keep phones, tablets, laptops and other battery-powered devices running would only deliver a few watts and volts, no matter where the charger was plugged in.

This is why those 'old' chargers charge devices so slowly. People who forgot to plug in their devices overnight would find it impossible to get a full charge the next morning.

Modern USB-PD fast chargers are essentially tiny computers. They ramp up the figures to deliver more power into a device's battery in a shorter amount of time. So instead of needing hours to recharge a device from 0 to 100, fast chargers can get a device up and running for hours with just a few minutes of charging.

These fast chargers are like a dream come true for most smartphone users.

But it's the tiny electronic brains inside those fast chargers that can be vulnerable to hacks. And BadPower can literally turn a charger into a phone-killing fire hazard.

According to the researchers, hackers can tamper with the chargers by exploiting the read and write ability over the USB port to send malicious code and alter the charger’s firmware. This is possible because the USB port that users plug their smartphone into via a cable can also operate as a data connection, allowing information to be read from and written to the charger’s firmware.

According to Xuanwu Lab, many of the data connections on these USB ports have no safeguards in place to prevent tampering.

Once hackers have succeeded in tampering with a target fast charger, BadPower can interfere with the output of the charger in order to deliver more power than the connected device can tolerate.

For example, 100W USB-PD chargers are becoming increasingly common, and some brands can even go beyond that. It's only because those fast chargers can communicate with the devices they are plugged into that they can negotiate the correct combination of voltage and current to charge a connected device at maximum speed.

Here, BadPower makes the charger 'lie'.

When negotiating with the device it is connected to, the charger says, for example, that it will deliver only a few volts, but in reality the voltage it delivers can be many times that.

"Under normal circumstances, for power receiving devices that do not support fast charging, the fast charging device will provide a 5V power supply voltage by default. But by rewriting the code that controls the power supply behavior in the fast charging device, the fast charging device can input a maximum voltage of 20V to these power receiving devices that can only accept 5V voltage, resulting in power overload," the researchers said.

"Even for a powered device that supports fast charging, a malicious charging device after being controlled can tell the powered device that it will provide a 5V voltage in the power negotiation, but it actually provides a 20V voltage."

As a result, the hacked charger can damage the battery of the devices it is connected to over time. It can be worse if the internals of those devices cannot cope with the surge, as this can also cause a fire.
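The mismatch described above, between the voltage agreed in negotiation and the voltage actually on the wire, is something the receiving device can check for. The following is an added example, not code from the article or from Xuanwu Lab: a sketch of a device-side monitor that compares measured VBUS samples with the negotiated voltage and cuts the load after several consecutive over-limit readings. The names, the 10% tolerance, the three-sample trip count and the sample traces are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy values for illustration; not taken from the article. */
#define TOLERANCE_PCT 10 /* allowed overshoot above the negotiated voltage */
#define TRIP_SAMPLES  3  /* consecutive bad samples before disconnecting */

typedef struct {
    uint32_t contract_mv; /* voltage agreed during power negotiation */
    unsigned bad_run;     /* consecutive over-limit samples so far */
    bool load_enabled;    /* state of the hypothetical VBUS load switch */
} vbus_guard;

/* Highest VBUS reading, in millivolts, accepted for the contract. */
uint32_t guard_limit_mv(const vbus_guard *g) {
    return g->contract_mv + g->contract_mv * TOLERANCE_PCT / 100;
}

/* Feed one measured sample. Returns false once the load has been cut;
 * the trip is latched until the guard is re-initialised on re-attach. */
bool guard_sample(vbus_guard *g, uint32_t measured_mv) {
    if (!g->load_enabled) return false;
    if (measured_mv > guard_limit_mv(g)) {
        if (++g->bad_run >= TRIP_SAMPLES) g->load_enabled = false;
    } else {
        g->bad_run = 0; /* isolated spike: reset the debounce counter */
    }
    return g->load_enabled;
}

/* Run a trace through a fresh guard; index of the tripping sample or -1. */
int guard_run(uint32_t contract_mv, const uint32_t *mv, size_t n) {
    vbus_guard g = { contract_mv, 0, true };
    for (size_t i = 0; i < n; i++)
        if (!guard_sample(&g, mv[i])) return (int)i;
    return -1;
}

/* Constructed ADC traces in millivolts, both under a 5 V contract. */
const uint32_t HONEST[] = { 5020, 4980, 5600, 5010, 5050 };
const uint32_t LYING[]  = { 5010, 5000, 19800, 20010, 19950, 20000 };

int main(void) {
    printf("honest trips at %d\n", guard_run(5000, HONEST, 5));
    printf("lying trips at %d\n", guard_run(5000, LYING, 6));
    return 0;
}
```

Sampling in software is slow compared with a voltage step, so a check like this complements a hardware over-voltage cutoff on the power input rather than replacing it.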

The researchers have tested 35 fast chargers of the 234 models available in China, and found that 18 models from eight different vendors were vulnerable to BadPower.

While software inside apps and operating systems is easy to patch and fix when a vulnerability is found, chargers, on the other hand, aren't that smart. While they do have the software needed to communicate with the devices they are plugged into, many of them don’t have upgradeable firmware at all.

Xuanwu Lab said that of the 34 fast-charging chip manufacturers it tested, 18 lacked any firmware update mechanism.

This means that fast chargers with non-upgradeable firmware cannot be fixed.

The researchers recommend that vendors develop patches that can be deployed to upgradeable chargers and include them in future models. The researchers also suggest that manufacturers harden fast charger firmware to guard against this kind of attack.

Besides that, it's also possible for hackers to turn users' phones into a BadPower machine through installed apps. This is also why users are always advised to follow common-sense practices, such as never installing apps from shady sources and accepting updates as soon as they are available.

Tencent said that it has notified all affected vendors and China’s National Vulnerability Database about the potential danger.

Published: 17/07/2020