Security researchers from Xuanwu Lab, operating under Chinese tech giant Tencent, recently discovered a vulnerability in fast chargers that lets them alter the charger’s firmware to deliver voltage in excess of what receiving devices can handle.
This subsequently damages any connected hardware, causing it to melt or even catch fire in some instances.
The researchers have added the flaw to the Chinese National Vulnerabilities Database (CNVD) and also notified affected vendors in the hope of seeing improved security standards develop and implemented across this industry.
The ability to quickly juice up our power-hungry smartphones through fast charging is certainly a convenience, but one where a delicate balance of demand and supply needs to be met. That’s handled through controllers built into fast chargers that intelligently switch to low or high voltage, depending on the receiver’s capability, quickly charging it for regaining hours of usage.
Fast chargers achieve this through special firmware, with built-in protection against overcharging, overheating, and other safety hazards.
However, researchers at Chinese tech giant Tencent were able to bypass these measures by modifying the charger’s firmware and altering default charging parameters to push dangerously high levels of voltage to connected devices.
An infected fast charger delivers a power overload, sets receiver ablaze
In their report, the researchers discuss fast charging protocols, which in addition to supplying power to connected devices, also provide an interface for data transmission that manufacturers use to read/write charger firmware. If not well-protected, an attacker can use the same data channel to tweak the firmware and set their own power parameters, corrupting the exchange between the charger and connected device.