Newly discovered flaw in fast chargers can cause connected devices to go up in flames

Humza

What just happened? Security researchers from Xuanwu Lab, operating under Chinese tech giant Tencent, recently discovered a vulnerability in fast chargers that lets an attacker alter the charger's firmware so that it delivers voltage in excess of what receiving devices can handle. This damages any connected hardware, causing it to melt or even catch fire in some instances. The researchers have added the flaw to the Chinese National Vulnerabilities Database (CNVD) and also notified affected vendors in the hope of seeing improved security standards developed and implemented across this industry.

The ability to quickly juice up our power-hungry smartphones through fast charging is certainly a convenience, but one where a delicate balance of demand and supply has to be struck. That's handled by controllers built into fast chargers that intelligently switch to low or high voltage, depending on the receiver's capability, so the device regains hours of usage quickly.

Fast chargers achieve this through special firmware, with built-in protection against overcharging, overheating, and other safety hazards. However, researchers at Chinese tech giant Tencent were able to bypass these measures by modifying the charger's firmware and altering default charging parameters to push dangerously high levels of voltage to connected devices.

In their report, the researchers discuss fast charging protocols, which, in addition to supplying power to connected devices, also provide an interface for data transmission that manufacturers use to read/write charger firmware. If that interface is not well protected, an attacker can use the same data channel to tweak the firmware and set their own power parameters, corrupting the exchange between the charger and connected device.

Dubbed 'BadPower,' the attack doesn't cause any data leaks, according to the researchers, but can physically damage the receiver. An infected charger carrying the attack code may not be as lethal as a USB killer, but it's just as silently executable and can be ported to other fast chargers by connecting them to smartphones, tablets, and/or laptops carrying the payload.

When connected to a device that doesn't support fast charging, an infected charger could result in power overload by supplying 20V instead of the standard 5V. It can also maliciously deliver higher voltage levels to devices that support fast charging, even after both parties have agreed on using lower power values.

Of the 234 fast chargers available in the Chinese market, the researchers were able to test 35 models, out of which 18 were found vulnerable to this attack. They also claim to have investigated 34 fast-charging chip vendors, with almost half of them producing unfixable chips as their vulnerable firmware was not updateable.

As for safety tips against BadPower, the researchers suggest that manufacturers should employ strict security checks while updating charger firmware or disable read/write firmware functionality over USB altogether. They also call for providing better overloading protection on devices that don't support fast charging and ask consumers to be mindful of sharing their power bricks and charging banks.

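The receiver-side overload protection the researchers call for, sketched as an added example (not code from the article or the researchers' report): a guard that compares the measured bus voltage with the level the device agreed to and cuts the input when the two diverge. The struct, thresholds, the 9V contract and the voltage traces are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative sink-side guard; all names, thresholds and traces are assumptions. */
#define DEFAULT_VBUS_MV 5000u /* standard level when no fast-charge contract exists */
#define TOLERANCE_PCT   10u   /* assumed allowed overshoot above the agreed level */
#define TRIP_SAMPLES    3u    /* consecutive bad readings before cutting the input */

typedef struct {
    uint32_t contract_mv; /* agreed voltage; 0 = device has no fast-charge contract */
    uint32_t bad_samples; /* consecutive over-limit readings seen so far */
    bool     tripped;     /* latched: stays set until the cable is replugged */
} sink_guard;

/* Feed one VBUS reading (mV); returns true once the input switch must open. */
bool sink_guard_sample(sink_guard *g, uint32_t vbus_mv) {
    uint32_t base = g->contract_mv ? g->contract_mv : DEFAULT_VBUS_MV;
    uint32_t limit = base + base * TOLERANCE_PCT / 100u;
    if (g->tripped) return true;
    if (vbus_mv > limit) {
        if (++g->bad_samples >= TRIP_SAMPLES)
            g->tripped = true;
    } else {
        g->bad_samples = 0; /* a lone transient does not trip the guard */
    }
    return g->tripped;
}

/* Replay a trace; returns the index of the reading that tripped the guard, or -1. */
int first_trip(uint32_t contract_mv, const uint32_t *trace, int n) {
    sink_guard g = { contract_mv, 0, false };
    for (int i = 0; i < n; i++)
        if (sink_guard_sample(&g, trace[i]))
            return i;
    return -1;
}

/* Constructed traces for the two cases in the article, plus a benign one. */
static const uint32_t LEGACY_20V[] = { 5020, 5050, 20100, 20080, 20050 };
static const uint32_t AGREED_9V[]  = { 9010, 9100, 20000, 19950, 20020 };
static const uint32_t TRANSIENT[]  = { 9000, 10200, 9050, 9020 };

int main(void) {
    printf("5V-only device fed 20V: trip at %d\n", first_trip(0, LEGACY_20V, 5));
    printf("9V agreed, 20V sent:    trip at %d\n", first_trip(9000, AGREED_9V, 5));
    printf("transient on 9V:        trip at %d\n", first_trip(9000, TRANSIENT, 4));
    return 0;
}
```

The guard keys on the gap between the agreed and the delivered voltage, so it does not depend on the charger's firmware being honest.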

 
If half of them are "producing unfixable chips as their vulnerable firmware was not updateable.", how can they be vulnerable if code isn't editable/updateable?
 
I can't even begin to tell you how many friends have told me about these new super chargers and when questioned, not a single one of them had looked on the back of their phone to see what the proper ampacity was. This is one of those things that I think our FCC should issue mandatory guidance to manufacturers to include a simple pamphlet that explains the limits of these devices and the risks associated with abuse. Let's face it, by and large there are very few Americans that know what the power triangle is, much less what it means... American Education in action again!
 
That makes no sense.

Sure it does, they aren't using read-once ROM chips but they don't have a plan in place to update them, or the charger's RAM is infected. Maybe they should switch to UV ROMs with the UV window permanently covered by plastic, and not use any memory outside of the ROM.
 
Correct me if I am wrong, the hackers will need physical access to my phone charger and then they need to open it and install a modified firmware in it just so they can damage/destroy my phone?

Jeez, just open the charger and connect direct power wire to usb pin. That will do the same trick too.
 
Forgive my English if I am wrong: "Newly discovered flaw in fast chargers can cause connected devices to go up in flames" should be "Newly discovered flaw in fast chargers can allow connected devices to go up in flames"
The flaw does not cause flames. It allows a hacker to cause it to go up in flames, if they can get access.
 
If half of them are "producing unfixable chips as their vulnerable firmware was not updateable.", how can they be vulnerable if code isn't editable/updateable?
Sorry if that caused confusion as I had to refer to a translated article. It's likely that the vendors can't issue OTA updates to these chips, but anyone with physical access to the charger can still manually update/flash the firmware with infected code. Vendors who have OTA enabled could simply release a patch for affected models.
 