Thursday, March 28, 2024

BadPower Attack – Hackers Invade a Fast Charger to Breakdown Your Device

Fast Charging is a popular feature with most of the smartphones that let users charge their batteries faster than normal. The Fast Charging works by increasing the voltage and thus charges batteries faster than normal.

Fast Charging technology has emerged in recent years, a large number of chargers, charging treasures, car chargers, and other products supporting fast charging technology.

BadPower Attack

The fast charger is completed by one end with power supply and another end of the charging cable is the power receiving end.

When both ends power supply terminal and the power receiving terminal is connected with the device, then negotiation will occur, and then power supported by both parties will get supplied.

These processes are handled by firmware that stored in the fast charge management chip at the power supply terminal and the power receiver terminal.

The fast charger protocols include power transmission and data transmission functions, some devices have built-in read and write functions but they are lacking security checks.

By taking this as an advantage attackers can change the code that controls the power supply behavior in the fast charging device, they can change the default 5V power supply to 20V.

Chinese security researchers from Xuanwu Lab tested 35 of the fast charges, at least 18 of them had BadPower problems.

Two possible attack scenarios;

  1. The attacker uses a special device disguised as a mobile phone connected with a charging port to invade the firmware of the charger, then if a user connects with a hacked charger power overload attack will get performed.
  2. The attacker invades the user’s mobile phone, laptop, and other terminal devices in some way and adds malicious programs to perform BadPower attack when the hacked charger is used power overload attack will get perform.

To note the BadPower Attack doesn’t result in data leakage, but it destroys the user’s digital device. The demand for fast charging products, like the PD fast chargers you see on ugreen.com is growing, so there is a chance for a number of users to get affected.

By issuing an update the device manufacturers can take measures to repair BadPower problems, normal users can avoid this attack by not giving your own chargers, power banks, etc. to others.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

USB 4 Released – Now You can Transfer Data with 40 Gbps Maximum Speed & 100 watts Charging

USB-IF Launches USB Type-C Authentication Program To Protect Against From Malicious Devices

Website

Latest articles

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles