Researchers find hack that makes power adapters catch fire
According to researchers, your phone’s power brick could be the target of a hack that causes devices to catch on fire. In all likelihood, most people have nothing to worry about. However, it’s a concerning development that needs to be addressed within the tech industry.
Researchers from a Chinese security firm called Xuanwu Labs (which is owned by Tencent) uncovered the vulnerability -dubbed BadPower. It reportedly hijacks power bricks that support fast charging, telling them to send more power to a device than it can handle. This results in overheating, melted components, and even combustion.
Too Much Power
Although it can be frustrating to wait for a phone to recharge, our devices are only built to handle a certain amount of electricity at once. Going over that threshold is a recipe for disaster.
Fast charge power adapters seem innocent at first glance. However, they are a lot more technical than most people would assume. They require specialized firmware to properly control the flow of electricity between an outlet and the phone on the other end.
BadPower interrupts that communication. Researchers demonstrated that hacking the firmware allows bad actors to manipulate a power brick and overheat a phone-even to the point of setting it on fire.
To confirm their findings, Xuanwu Labs researchers installed the BadPower malware on 35 different power bricks. They found that 18 of them (made by eight different manufacturers) were susceptible to the attack. That’s obviously a cause for concern.
The main issue with the BadPower hack is that it doesn’t leave signs of tampering. A user wouldn’t even know that their device is in danger until it is too late.
Researchers say that hacking a power brick is simple. Someone could connect it to a portable, custom rig to upload the malicious code in seconds. In a few instances, the team was even able to install the malware by connecting a power adapter to a phone or laptop infected with BadPower.
Looking on the Bright Side
Although the thought of power adapters making devices combust is frightening, BadPower isn’t running rampant in the general public. Nor is it going to. That’s partially because hackers need to physically install the malware on a power brick.
Unless a bad actor is targeting someone specific, that isn’t likely to happen.
Meanwhile, a second bright spot exists. The BadPower hack can be shut down by updating a power brick’s firmware. This is great news in theory. In reality, however, most people probably aren’t in a rush to update their charging adapter.
Due to the nature of the vulnerability, everyday consumers don’t need to worry about their power brick being hacked. Instead, it is an issue that technology manufacturers will need to address.
Xuanwu Labs reached out to those who made vulnerable power bricks to share advice on how to protect against BadPower attacks in the future. Such protections include improving firmware security and including additional precautions to prevent phones from overheating.
If nothing else, BadPower should remind users that physical security is always the first line of defense. When hackers can’t get their hands on your devices, they are less likely to cause major damage.
Originally published at https://www.theburnin.com on July 20, 2020.