Topic: BadPower attack corrupts fast chargers to melt or set your device on fire

PeteS in CA

https://www.zdnet.com/article/badpower-attack-corrupts-fast-chargers-to-melt-or-set-your-device-on-fire/

Quote
A fast charger looks like any typical charger but works using special firmware. This firmware "talks" to a connected device and negotiates a charging speed, based on the device's capabilities.

... if the device can handle bigger inputs, the fast charger can deliver up to 12V, 20V, or even more, for faster charging speeds.

The BadPower technique works by altering the default charging parameters to deliver more voltage than the receiving device can handle, which degrades and damages the receiver's components, as they heat up, bend, melt, or even burn.
...
A BadPower attack is silent, as there are no prompts or interactions the attacker needs to go through, but also fast, as the threat actor only needs to connect their attack rig to the fast charger, wait a few seconds, and leave, having modified the firmware.

Furthermore, on some fast charger models, the attacker doesn't need special equipment, and researchers say the attack code can also be loaded on regular smartphones and laptops.

When the user connects their infected smartphone or laptop to the fast charger, the malicious code modifies the charger's firmware, and going forward the fast charger will execute a power overload for any subsequently connected devices.
...
The bad news is that the research team also analyzed 34 fast-charging chips, around which the fast charger models had been built. Researchers said that 18 chip vendors did not ship chips with a firmware update option, meaning there was no way to update the firmware on some fast charger chips.

Tencent researchers said they notified all affected vendors about their findings, but also the Chinese National Vulnerabilities Database (CNVD), in an attempt to accelerate the development and promotion of relevant security standards to protect against BadPower attacks.

Suggestions to fix the BadPower problem include hardening firmware to prevent unauthorized modifications, but also deploying overload protection to charged devices.

Backing up a bit, modern mobile devices' batteries are not like cars' lead-acid batteries, which can be charged by a relatively simple charging system. Mobile devices' batteries must be charged carefully, at different voltages/rates at different states of charge. If not done properly, well, remember that cell phone model Samsung had to withdraw from the market?

So battery chargers for mobile devices are controlled by a microcontroller, a dedicated computer IC with firmware that controls the rate of charge. For some reason, charger manufacturers did not foresee that making the firmware changeable by external devices was an open invitation to hackers.

More practically: DO NOT use public chargers to power and charge your mobile devices; be careful what apps you have on your devices; be careful how and with whom you communicate with your devices.