Hackers Can Now Trick USB Chargers To Destroy Your Devices

In Other News 0 Comments

Posted By: Bradley Stone (UncleBrad) on 07/21/2020
This Is How It Works...

Not all cyber attacks focus on data theft. Sometimes the intent is “to achieve destruction of the physical world through digital means,” Chinese tech giant Tencent warns. The company’s researchers have just disclosed a serious new vulnerability in many of the mass-market fast chargers now used around the world.

When you connect your device to a fast charger with a USB cable, there is a negotiation between the two, establishing the most powerful charge the device can safely handle. This negotiation is managed between the firmware on the device and the firmware on the charger, and assumes both will play nicely with one another.

But Tencent’s researchers have now proven that a compromised charger can override this negotiation, pushing more power down the cable than the device can safely handle, likely destroying the device and potentially even setting it on fire.

Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.

The interesting twist here is that the malware might even be on the target device. An attacker pushes that malicious code to your phone. The first time you connect to a vulnerable fast charger, the phone overwrites its firmware. The next time you connect to that same charger to repower your device, your phone will be overloaded.

Tencent has produced a demo video, showing how a charger can be compromised and then used to overload a device.

Tencent have dubbed this issue “BadPower,” and warn that “all products with BadPower problems can be attacked by special hardware, and a considerable number of them can also be attacked by ordinary terminals such as mobile phones, tablets, and laptops that support the fast charging protocol.”

The researchers identified 234 fast chargers on the market, and tested 35 of them. Of those, they found “at least 18 had BadPower problems and involved eight brands.” Of those 18 charging devices, 11 were vulnerable to a simple attack through a device that also supports the fast charging protocol, such as a mobile phone.

According to the researchers, while there is a risk with devices that are designed to be fast charged, the greater risk is with those that are not. Their advice is not to plug basic 5v devices into fast chargers with a USB to USB-C cable.

The research team at Tencent’s Xuanwu Lab reported the issue to the China National Vulnerability Database (CNVD) and will also engage with affected manufacturers, they say, on mitigation techniques. Clearly, with this issue disclosed, revised standards need to be put in place.

So, is this really an issue for you to worry about? That depends. There is a broad problem here, with wide scale safety measures not yet in place. This means the chargers you buy online—with no way of knowing which might be vulnerable—could damage your device or worse. Sticking to well-known manufacturers is clearly a sensible precaution here, as with any such devices you plug in at home.

There is a slightly darker threat here also, one that impacts those of you that might find yourselves targeted by bad actors. Think dissidents, reporters, protesters. A simple attack that might impact your ability to communicate, to potentially knock you offline, could be relevant. You should take care of the chargers you use.

We have seen warnings before on the use of chargers, either those in public spaces or those we borrow from others. That issue has been all about the potential for data theft, when you use a data cable to charge your device and do not know the provenance of the charger itself. We have even seen compromised data cables used for the same purpose, where the cable hides a wireless connection.

That advice—to be careful when you connect your smart device with a smart cable that can do more than simply charge—is the same in both cases.

Beyond the specifics, this is yet another warning on the perils of the fast-growing IoT space, where we buy, plug-in and connect myriad devices. Our homes and offices are now filled with tech, and while we worry about our computers, phones and tablets,. we pay little attention to the kitchen gadgets, the smart home accessories, and the toys we buy online from makers we have never heard of before.

You are surrounded by countless little computers, many of which you connect to your wifi and offer a route to the outside world. The issue you face, of course, is all about data and security compromise. This report from Tencent just shows that there are other dangers as well, stemming from that same issue.


Favorite VHF Nets

East Central Indiana 6M Net
Category: Nets
VHF NetsNet NameDayTimeFREQ/ModeEast Central Indiana 6M NetSunday8 PM EST50.140 MHz /USB...  READ MORE
- Bradley Stone (UncleBrad),  01/20/2020 
   Below is a picture of my latest project.  After doing the transceiver thing, with a CE20A, mated to a SX-115, then the next transceiver project, a 10A mated to any Drake R4 series receiver, I had an idea.  Those transceiver projects have a lot of oscillators, and even the crystal oscillators can drift as they warm up, which requires re-zeroing the transmitter to the receiver from time to...  READ MORE
- Bradley Stone (UncleBrad),  10/27/2019 

Favorite HF Nets

Sell/Swap, Vintage Radios & More
Category: Nets
All times are in Eastern unless otherwise indicated.  Frequencies are in Megacycles. Recommended HF NetsNet NameDayTimeFREQ/ModeSwan Technical NetWednesday2200 UTC14.2925 +/-  /USB3938 Traders NetWednesday8 PM3.938 / LSBBoatanchor NetWednesday7:30 PM CST3.870 / LSBWA9ZTY Vintage AM GroupSaturday7:30 AM3.885 / AMMidwest Classic Radio NetSaturday8:30 AM3.885 / AMSwan Technical NetSatu...  READ MORE
- Bradley Stone (UncleBrad),  08/29/2019 

W1LSB Finds an EBay Treasure

This 1964 WRL catalog was addressed to Major General Butch Griswold – K0DWC
Category: Vintage Manufacturers
I was first licensed as a novice in 1958, and the WRL catalog was really dominant in those days, with the Globe King, Globe Champ,  and all of the lesser models gracing its pages.  I had a Globe Chief 90 and often dreamed of owning the bigger iron in those pages.   I have since collected most of the WRL catalogs from 1954 to 1964, and the last one turned out to be an interestin...  READ MORE
- Bradley Stone (UncleBrad),  04/30/2019 

Crazy EBay Prices!

Pictures of radio suckerbait on the world's largest online auction!
Category: Crazy EBay Prices!
Below are some screen shots of incredible prices demanded by some EBay vendors.  Since posting an auction is free as long as the item is not sold, it costs nothing for the unscrupulous vendor to display their (unremarkable/filthy/nicotine-caked) wares as if they were priceless artifacts of distinction, having immense value.  It is truly within this online marketplace where prod...  READ MORE
- Bradley Stone (UncleBrad),  03/22/2019 
   These excellent examples of the Swan Twins are from the estate of John Thuren, AA5T (SK) of Houston, Texas.  John had checked in to the 20M Swan net with these very desirable "big Swans" until a few years ago. A big thanks to Eddie, NU5K, who handled John's estate and placed these on EBay.  He packed them well, knowing they are indeed an important find. ...  READ MORE
- Bradley Stone (UncleBrad),  12/21/2018 
   W9RAN started playing with RTL-SDR dongles about 6 years ago, and knew they were going to have a big impact on the radio hobby.   But since these $15 receivers only tuned the VHF and UHF bands, he designed a wideband upconverter to make HF coverage possible, and described how it worked in an article in Jan. 2013 QST "Cheap and Easy SDR".   The "RANVerter" as...  READ MORE
- Robert Nickels (rnickels),  08/09/2018 

2018 Cave City Hamfest

Cave City, Kentucky, 3/3/2018
Category: Activities
Barry, AC9NK and I attendended the 2018 Cave City hamfest, which was awesome this year.  The facility was packed, with lots of vendors.  We enjoyed the company of my friend Tom, N4LID for dinner the night before. Tom, who is blind, had not been able to get to the hamfest for many years.  You will find more pictures at the Kentucky Phone Net site.  A big thanks to Rod, N4ZIF, fo...  READ MORE
- Bradley Stone (UncleBrad),  03/04/2018 
   For nearly five years, spanning 1978 - 1983,  I worked as an Electronics Technician in the original Bearcat manufacturing and service facility in Cumberland, Indiana.  Electra was one of the best places I've ever worked, and were among the many innovative consumer electronics companies which sprang up in and around Indianapolis.  Al Lovell, a former employee of Regency (also in ...  READ MORE
- Bradley Stone (UncleBrad),  02/22/2018 
   The tube-type Linear Master Oscillators (“LMO”) used in the Heathkit SB-Line equipment is a very stable and accurate means of controlling the frequency in the equipment. Unfortunately, as the units age, many LMOs develop a “warble” when tuning. This “warble” usually stops when the frequency control knob is not rotated. However, accurately “zero-beating&rdq...  READ MORE
- Bradley Stone (UncleBrad),  02/08/2018