Security researchers have identified a new form of vulnerability with fast chargers called BadPower that can damage your smartphone by overloading the fast charger with an unusual amount of voltage. This issue was identified by the researchers at Xuanwu Lab in China wherein they found that it is possible to modify the firmware of the fast chargers in order to deliver faster-charging speeds than the connected device can handle leading to a complete breakdown of the device and even burn internal components.
For instance, the standard charging voltage is set at 5V for many devices and if you connect a fast charger it will supply 5V even though it is capable of providing faster charging. BadPower works by modifying the default charging power to increase voltage which results in damaging the connected device as it is not supported to run on such high voltages.
BadPower attack is automated and doesn’t require any special equipment to deploy as researchers have indicated that it can be also be installed on smartphones and laptops. If a smartphone or a laptop is infected with BadPower, it can execute the malicious codes to modify the fast charger’s firmware when the user connects to it. After the fast charger is corrupted, whenever the user connects any device for charging, the adapter will automatically overload the power, damaging the connected device.
In its report, the researchers mention that they tested 35 fast-charging adapters and discovered that 18 models from eight companies were vulnerable to BadPower. While most BadPower vulnerabilities can be patched by updating the firmware, 18 fast chargers have been identified to not ship with any firmware update option which means that an OTA update isn’t possible.
However, the researchers do clarify that they have notified the affected companies about the BadPower vulnerability and is working with these manufacturers to prevent any unforeseen attacks. The researchers have also recommended these companies to add overload protection on the fast chargers.