Thursday, July 16, 2020


DIGITAL LIFE

Hackers use fast chargers to hack smartphones

 Technologies for fast charging of mobile devices are progressing more and more rapidly: several companies recently announced solutions with a capacity of 100 to 125 W, capable of fully charging a smartphone in a few tens of minutes. However, as it turned out, in the hands of hackers, fast charging can become a real physical weapon.
Cybersecurity experts at Tencent Security Xuanwu Lab published a report that attackers can gain control over the charger for a significant portion of fast-charging devices. According to the most conservative estimates, the number of devices with this vulnerability reaches hundreds of millions and everything that receives power via USB can now be the victim of an attack. They called this phenomenon BadPower ("bad energy" in the literal translation from English). Tencent believes that BadPower could be the digital world's biggest attack on physics.
Xuanwu Lab has tested 35 power adapters, external batteries and other devices that are currently on the market. Eighteen of them had security problems that hackers can use to start supplying excess voltage to a smartphone, tablet or laptop. At best, this will lead to equipment failure, at worst - shooting and even damaging the health of those close to you.

 Возгорание чипа в результате атаки BadPower
Ignition of a chip as a result of a BadPower attack

 The method of hacking a charger can be physical, that is, with direct access to the charger using a special device or remotely through a compromised gadget connected to it. The latter method is used more frequently by cybercriminals, mainly because 11 of the 18 vulnerable devices allow direct contact. Furthermore, there is no difference in what kind of fast charging technology we are talking about. The important thing is whether, in principle, it is allowed to replace the microcode on the power adapter chip via the USB port or, at least, whether the firmware is reliably verified. Unfortunately, the results of the Xuanwu Lab study were disappointing: about 60% of the controllers used in fast chargers allow you to freely update the microcode via the USB port.
Tencent Security Xuanwu Lab has already announced the results of its research to relevant regulatory organizations in China and is also working with electronics manufacturers to take steps to combat BadPower. Experts note that, in most cases, to fix the vulnerability, simply update the charger's firmware. Ordinary users are advised once again not to borrow their smartphones, tablets or laptops.

 Autonews
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

  DIGITAL LIFE Does New Gmail Feature Pose A Security Risk For 2.5 Billion Android, iPhone Users? Gmail is the world’s biggest free email se...

  • (no title)
    TECH In Memoriam: The Tech That Died in 2018 A bongo enthusiast once said, "time is a flat circle," which is a pretentious...
  • (no title)
      HONOR Model 60 Pro: Sparkling design and camera configuration confirmed by teaser image Honor is not due to unveil the Honor 60 series for...
  • (no title)
      OPPO New and unprecedented model Find X6 will debut with a huge photo sensor Oppo has a strong smartphone lineup lately, offering great fo...