Badpower: unsafe firmwares of usb power supplies allow collection

Numerous USB charger rate with fast load function are not sufficiently protected against firmware attacks. They allow modifications to the controller to bulge connected terminates such as smartphones, tablets or notebooks by recharging.

This has found out the Chinese Xuanwu Lab, part of the Tencent Group – the security swallows call the security researchers Badpower. Specifically, it is about USB Power Delivery, which is specified for charging outputs of 10 watts (5 volts, 2 amps) to 100 watts in the type C port (20 volts, 5 amps). Fast shop must master both power supply and end device. For this purpose, the two controllers act a common denominator, which both devices support. Badpower sets at this point.

Shredded hardware

The firmware dearly modified to 18 out of 35 USB power supplies tested eight different manufacturers, so that this more electricity delivered than the controller communicated. If a smartphone gets so for example 100 instead of supported 20 to 35 watts, the device can overheat – up to the destruction of chips, for example the controller.

The firmware can be attacked on a special hardware in the form of a small board with its own controller, on the other hand, Badpower should work according to the security research on a program on the smartphone, tablet or PC. For this purpose, the USB power supply is connected once and the firmware is written. When the next charging process, the power supply supplies more power than intended.

Badpower: unsafe firmwares of USB power supplies allow collection

A final device with USB-C loading connection gets 20 instead of 5 volts and thus overheated.

Do not lend USB power supplies

The Xuanwu Lab works according to own information with manufacturers to ruste USB power supplies against Badpower. There are already relatively simple protective mechanisms in the firmware. In addition, a surprise protection, which some tested specimens already had already.

Users recommend the security researchers not to use USB power supplies or power banks of foreign people and do not give their own charger data to strangers.

Like this post? Please share to your friends:
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: