Dubbed BadPower, the technique involves altering the firmware of fast chargers to cause damage to connected charging systems, such as melt components, or even set devices on fire.
According to researchers, BadPower corrupts the firmware of fast chargers,
For those who came in late, a fast charger looks like any typical charger but works using special firmware. This firmware "talks" to a connected device and negotiates a charging speed, based on the device's capabilities.
If a fast-charging feature is not supported, the fast charger delivers the standard 5V, but if the device can handle bigger inputs, the fast charger can deliver up to 12V, 20V, or even more, for faster charging speeds.
BadPower alters the default charging parameters to deliver more voltage than the receiving device can handle, which degrades and damages the receiver's components, as they heat up, bend, melt, or even burn.
A BadPower attack is silent, as there are no prompts or interactions the attacker needs to go through, but also fast, as the threat actor only needs to connect their attack rig to the fast charger, wait a few seconds, and leave, having modified the firmware.
On some fast charger models, the attacker doesn't need special equipment, and researchers say the attack code can also be loaded on regular smartphones and laptops.
When the user connects their infected smartphone or laptop to the fast charger, the malicious code modifies the charger's firmware, and then the fast charger will execute a power overload for any subsequently connected devices.
The researchers said they selected 35 fast chargers from 234 models available on the market and found that 18 models from eight vendors were vulnerable.
Most BadPower problems can be fixed by updating the device firmware but 18 chip vendors did not ship chips with a firmware update option, meaning there was no way to update the firmware on some fast charger chips.