How to hack a phone charger
Introduction
We live in an era where malware is targeting smartphones and other devices from the Internet of the Things (IoT) world. This is not a desirable situation, but unfortunately, it happens more frequently and in a destructive way.
Of course, criminals look for other ways to exploit attacks, choosing different pathways and landscapes. Most recently, this is focused on chargers which can attack a smartphone until it melts or burns.
Earn two pentesting certifications at once!
Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.
Introduction to the “bad power” attack
Security researchers were recently able to compromise a great variety of chargers with malicious code to deliver more voltage than the connected device could handle. With this approach in place, the overload caused the components inside the affected electronics to spark, sizzle and melt.
The attack is known as bad power. It works by altering the default parameters in the fast charger firmware.
Figure 1: Common fast chargers potentially vulnerable to this attack.
Let’s understand a little bit how fast chargers work. It may look like a regular charger, but they are built with special firmware. The charger firmware can speak with the connected device in order to establish a charging speed based on the device’s capabilities — remember that each device has its features and power speed.
In this sense, if the target device doesn’t support a fast charging feature, the fast charger delivers the standard power — 5V. On the other hand, if it accepts bigger inputs of charging, the charger can use 12V, 20V or even faster charging speeds. This is the crucial point where the bad power attack can be exploited.
Coming to the stage, the bad power attack corrupts the charger firmware. The exploit changes the default charging parameters in the firmware and tampers with it to push a higher voltage than the charging device can handle. This abnormal behavior damages and degrades the receiving device’s components — leading it, in dramatic scenarios, to completely burn.
The following video is a proof of concept from Tencent Security Lab in order to demonstrate the bad power attack.
See the full video here.
Bad power attack by numbers
The Tencent research team tested the bad power attack on 35 fast chargers from 234 models available on the market. According to the article, 18 models from 8 different vendors were vulnerable to this flaw.
The worst scenario happens in some chargers of specific vendors. The bad power vulnerability can be fixed in common chargers by updated the device’s firmware, but researchers said that 18 chip vendors were not built with a firmware updated option. In this case, there is no way to fix the vulnerability in those devices.
From this perspective, this flaw is considered a critical problem and without a fast and efficient solution. Many people have three or four chargers in their homes and they are probably vulnerable now.
Be careful with your device
One of the particularities of this attack is that anyone can make it deadly and silently. It’s a single simple step to destroy any device: connect it to the right fast charger. In the worst-case scenario, the attack can damage the device in a few seconds.
Figure 2: Device damaged when connected to the “malicious” fast charger.
According to the researchers, “with some fast chargers, the attackers don’t even need hardware. They can load the attack code to modify the firmware on the target smartphone or laptop. When a victim connects their infected smartphone or laptop to a fast charger, the device could go up in flames”.
FREE role-guided training plans
Final thoughts
The exploitation of physical and hardware flaws should be taken into account as a common and serious problem these days. Although bad power can be a beast if the target device is connected to the right charger, the damage caused by this attack would vary, depending on the fast charger model and on the mobile device and protection against malicious code.
The researchers didn’t share the name of the vulnerable products, but the specific vendors were contacted. China’s National Vulnerability Database was also contacted about the potential problem.
In order to mitigate and reduce the risks of this attack, it’s suggested that manufacturers add additional fuses to devices that support lower-voltage fast charging. Another suggestion is to include hardening firmware to prevent unauthorized modifications, also deploying overload protection to charged devices.
For users, they need to be warned about the problems of using third-party chargers or power banks — for example, in cyber-spaces, airport, shopping and so on.
Sources
BadPower Vulnerability In Fast Chargers Might Make Phones Halt And Catch Fire, Hackaday
Enroll in an Ethical Hacking Boot Camp and earn two of the industry’s most respected certifications — guaranteed.
- CEH exam voucher
- PenTest+ exam voucher
- Exam Pass Guarantee
- Live online hacking training
In this Series
- How to hack a phone charger
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough [Updated 2021]
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
- Ethical hacking: Attacking routers
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
