We all love the quick-charging capability found in many modern smartphones, but a security firm has found that hundreds of millions of fast-charging-capable power adapters and power banks are vulnerable to hacker attacks and may damage hardware.
According to Tencent Security Xuanwu Lab, the issue is considered to be among the most widely-reaching attacks on the physical world from the digital world.
All power adapters and power banks feature power management circuitry controlled by a power management IC (PMIC) with its own firmware. Every time a device is plugged to an adapter or a bank, it negotiates the necessary voltage and current parameters, which is when the charger’s firmware becomes vulnerable to attacks by malware that resides in the terminal device (or elsewhere).
By modifying firmware of a charging device, perpetrators can control their power output (and modern fast-charging adapters and banks can output up to ~100 W easily) and then burn or even explode smartphones, tablets, or laptops. Tencent Security calls this attack ‘Bad Power’.
Tencent Security Xuanwu Lab recently tested 35 fast-charging power bricks and power banks from eight different brands and powered by nine different PMICs. All of the devices are available in stores. It found that 18 out of 35 fast-charging devices had safety issues and therefore could be attacked.
Modified firmware can be replaced by legitimate firmware rather easily, but it is virtually impossible to find out whether or not a particular fast-charging device is compromised.