Hackers can now cause smartphones, tablets, computers, and various other popular electronic devices to self-destruct or to destroy other devices when they charge.
To destroy a device, and to potentially cause it to explode or to catch fire, hackers simply need to re-program a USB “Fast Charger” used to charge the device – instructing the charger to overwhelm any attached devices with excessive amounts of electrical current. Many chargers are vulnerable to such reprogramming – and the reprogramming can even be performed by the targeted device itself.
Fast chargers – as utilized for charging most modern smartphones – contain small computers that when connected to a smartphone, tablet, camera, or other USB-chargeable device, communicate with the attached device in order to determine, and relay from the charger, the most powerful charge that both the charger can output and the device can safely handle; by charging devices at the maximum safe rate, fast chargers minimize the amount of time it takes to recharge any particular device (hence the name “fast charger”). Many fast chargers and electronic devices, however, take no precautions to protect themselves from one another; chargers often inherently trust that devices will not try to hack and overwrite the chargers’ software (i.e., their firmware), and most devices inherently trust that chargers will never send more current than whatever allowable maximum the device specifies (or a low default amount if no communication occurs).
As a result of the mutual failure to protect themselves from one another, devices and chargers are both at risk; if instead of simply relaying information about the maximum safe current level, a device – such as smartphone infected with malware designed to inflict destruction – writes to the charger and overwrites the charger’s firmware, the malicious device can program the charger to attempt to overwhelm with current whatever devices are subsequently attached to it (including both the original attack-device and other devices).
Researchers from China-based Tencent Security’s Xuanwu Lab recently demonstrated this vulnerability – which they christened “BadPower” – and advised people worldwide not to plug any devices into fast chargers unless those devices support fast charging. (Presumably, for maximum protection, their advice should be extended: devices that support only earlier generations of fast charging should not be plugged into newer generations of fast chargers either.)
Of course, the notion of destroying electronic devices via USB-based electrical overload is not new – rogue USB sticks that destroy computers by sending an unexpected surge of power onto the data lines of USB ports to which the sticks are connected have been around for quite some time. But, the ability to easily kill a device – or many devices – via malware is quite a bit scarier; attackers need not have physical access to a device in order to destroy it through the exploitation of BadPower. Also, BadPower exploitation can lead to not only a device becoming unusable, but, also, to a fire or an explosion.
But, is BadPower really something that you need to worry about?
As I wrote regarding the danger of using borrowed chargers, the real world risk to the average person is likely small – but, it is not zero. So, if you can manage to use chargers for only their intended devices (e.g., for your phone use the charger that came with your phone and others designed for your phone, and do not use those chargers for other devices), that is clearly ideal. If that is impossible, at least refrain from connecting any device to a charger capable of charging at levels higher than the device supports.
That said, it is not unlikely that BadPower will be exploited for use in targeted attacks – whether by governments seeking to target dissidents, people intent on disrupting journalists’ reporting, cybercriminals intent on manipulating various situations, or by others with other nefarious intentions. And, eventually, if the vulnerability inherent in so many chargers is not corrected, cyberterrorists may be able to exploit BadPower to wreak havoc en masse.
The good news is that it is relatively simple for fast charger manufacturers to implement the necessary modifications to prevent malicious firmware overwrites – which I expect them to do posthaste.