While BadPower or similar hacks don't appear to have been used in the wild so far, for those worried about people messing with their power bricks, BadPower serves as a good reminder that physical security remains the first line of defense when it comes to securing your tech. If a hacker can't get to your power brick, they won't be able to upload the malicious code needed to make your power adapter misbehave.
However, by hacking the fast charging firmware built into a power adapter, Xuanwu Labs demonstrated that bad actors could potentially manipulate the power brick into sending more power than a phone can handle, thereby overheating the phone, melting internal components, or, as Xuanwu Labs discovered, setting the device on fire.
Your phone's power brick is generally a relatively innocuous piece of tech, but recently, researchers at a Chinese security company found a way to hack a fast charge power adapter so that when connected to a phone, the power brick can melt the phone or even start a fire.
After verifying the results of the research, Xuanwu Labs tested BadPower by loading it onto 35 different power bricks (out of 234 available models currently on sale) and found that 18 of those chargers (made by 8 different vendors) were vulnerable to the attack.
To make matters worse, if BadPower is used to hack a power brick, there would be no external signs or simple ways of detecting that the device had been tampered with. Thankfully, for now, the attack requires the bad actor to have physical access to the power adapter. The researchers at Xuanwu said hacking a power adapter was as easy as connecting it to a portable, custom-made rig that can upload malicious code to the power brick in just a couple of seconds. And in some cases, the researchers were able to upload BadPower just by connecting a power adapter to an infected phone or laptop.
An example of a melted phone. While this one was not melted by the hack, the damage might be comparable if the battery is overcharged. Photo: Nathaniel Stern/Flickr (Fair Use).
In research published by Xuanwu Labs (which is owned by Chinese tech giant Tencent), researchers detailed the BadPower hack, which works by manipulating the firmware inside fast charge power adapters.
Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the correct amount of electricity that can be sent to the phone without harming the device. The more juice the power adapter can send, the faster it can charge the phone.
The small upside to BadPower is that the hack can be shut down by updating a power brick's firmware. But after analyzing 34 different chips used in fast charge adapters, Xuanwu researchers found that 18 of the chips didn't have support for updatable firmware, meaning that for some bricks there would be no way to protect against BadPower.
Xuanwu Labs has reached out to the vendors who made vulnerable power adapters with guidance on how to protect against BadPower hacks in the future, which includes strengthening firmware security and adding overcharge protections to prevent a phone from overheating.
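As an added illustration (not code from the article or from Xuanwu Labs' guidance), here is a sketch of the kind of device-side overcharge protection mentioned above: the phone compares the voltage it actually measures against the level it negotiated with the adapter and cuts charging off if the adapter delivers more. The tolerances, sample count, and all function and field names are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration, not taken from the research. */
#define TOL_PERCENT  5u    /* allowed overshoot, percent of agreed voltage */
#define TOL_FIXED_MV 500u  /* plus a fixed margin for measurement noise */
#define TRIP_SAMPLES 3u    /* consecutive over-limit readings before cut-off */

typedef struct {
    uint32_t agreed_mv;   /* voltage the phone and adapter negotiated */
    uint32_t abs_max_mv;  /* highest voltage the charge circuit survives */
    uint32_t bad_samples; /* consecutive over-limit readings so far */
    bool     cut_off;     /* latched: stays set until the guard is re-initialised */
} vbus_guard_t;

uint32_t vbus_limit_mv(uint32_t agreed_mv) {
    return agreed_mv + agreed_mv * TOL_PERCENT / 100u + TOL_FIXED_MV;
}
void vbus_guard_init(vbus_guard_t *g, uint32_t agreed_mv, uint32_t abs_max_mv) {
    *g = (vbus_guard_t){agreed_mv, abs_max_mv, 0, false};
}

/* Feed one measured reading; returns true while charging may continue. */
bool vbus_guard_sample(vbus_guard_t *g, uint32_t measured_mv) {
    if (g->cut_off) return false;
    if (measured_mv > g->abs_max_mv) {
        g->cut_off = true;                   /* gross jump: no debounce */
    } else if (measured_mv > vbus_limit_mv(g->agreed_mv)) {
        if (++g->bad_samples >= TRIP_SAMPLES) g->cut_off = true;
    } else {
        g->bad_samples = 0;                  /* isolated spike, keep charging */
    }
    return !g->cut_off;
}

/* Returns the index of the reading that cut charging off, or -1 if none did. */
int vbus_guard_run(vbus_guard_t *g, const uint32_t *mv, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!vbus_guard_sample(g, mv[i])) return (int)i;
    return -1;
}

int main(void) {
    const uint32_t trace[] = {5000, 5100, 20000, 20000}; /* constructed readings */
    vbus_guard_t g;
    vbus_guard_init(&g, 5000, 6500);
    printf("cut off at sample %d\n", vbus_guard_run(&g, trace, 4));
}
```

Because the check relies on what the phone measures rather than on what the adapter reports, it still works when the adapter's firmware has been modified.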
Here's a photo captured by researchers at Xuanwu showing what a charging brick infected with BadPower can do to a connected device. Image: Xuanwu Labs (Other).