Fast charging equipment may burn down the phone after being attacked

  "Charge for 5 minutes and talk for two hours"...With the popularity of smart charging devices, major manufacturers are constantly innovating the fast charging technology of their products. For a long time, there have been many doubts about the safety of fast charging, including the impact on smart devices and batteries, and whether the charging technology itself has safety hazards.

  Recently, Tencent Security Xuanwu Lab released a research report, which mainly mentioned a security problem named "BadPower". The report pointed out that the researchers tested 35 chargers and power banks that adopted fast charging technology on the market and found that 18 of them had safety problems. An attacker (hacker) can control the charging behavior by rewriting the program code in the firmware of the fast charging device, which can cause serious consequences such as burning or even explosion of the components of the charging device.

  So, what kind of fast charging devices are vulnerable to "BadPower" threats? The boundary between the physical world and the digital world is beginning to blur, and new security threats continue to emerge. What is needed to deal with? In this regard, a reporter from Science and Technology Daily interviewed relevant experts.

  Attacks include physical contact and non-physical contact

  Compared with traditional chargers, fast charging devices are more intelligent. The firmware inside the chip runs a set of program codes, which is equivalent to the "brain" of fast charging devices, which can control and adjust the charging between fast charging devices and powered devices. Voltage, and even exchange data with the powered device.

  "However, as the core of controlling and adjusting the charging process, the program code running on the fast charging device is not well protected." According to Zhang Chao, associate professor at the Institute of Network Science and Cyberspace, Tsinghua University, many fast charging devices are not set up. Security verification, the program code can be accessed without hindrance through the powered device, and the program code can be replaced; in addition, the program code of some fast charging devices is not perfect, and its security loopholes are very high. It is easy to be used by attackers to guide them to perform wrong or malicious actions.

  In this "BadPower" problem report released by Tencent Security Xuanwu Lab, how did the attacker rewrite the program code in the firmware?

  A reporter from Science and Technology Daily learned that "BadPower" attack methods include physical contact and non-physical contact. The report pointed out that the attackers launched physical contact attacks, mainly by directly replacing device firmware such as power banks, fast charging adapters, or using mobile phones, laptops and other digital terminals connected to fast charging devices to rewrite the code in the fast charging device firmware. So as to realize the control of voltage and current in the charging process.

  "Specifically, the attacker changes the charging power by hacking the charging device, causing the components of the powered device to be broken down and burned, and it may also bring security risks to the physical environment where the powered device is located." School of Mathematics and Computer Science, Fuzhou University Professor Liu Ximeng, Assistant to the Dean and Director of the Key Laboratory of Fujian Colleges and Universities in Network System Information Security, introduced.

  It is understood that among the 18 devices with "BadPower" problems discovered by Tencent Security Xuanwu Lab, 11 devices can carry out attacks without physical contact.

  "When the attacker cannot directly physically touch the fast charging device, the attack code can be implanted into the powered device remotely through the network. When the powered device is connected to the fast charging device, the attack code can directly replace the firmware on the fast charging device. Program code." Zhang Chao said.

  When the attacker replaces the program code of the fast charging device firmware, once a new powered device is connected to the fast charging device, they will face the threat of voltage attacks.

  USB interface may become a risk entry

  It is understood that these 18 devices with "BadPower" problems involve 8 brands and 9 different models of fast charging chips.

  "As long as the charger meets the two conditions that are not allowed to modify the code in the firmware and perform security verification on the firmware, there will be no similar security risks." Liu Ximeng pointed out that there is no difference in security level between different fast charging protocols. It mainly depends on whether the code in the firmware is allowed to be rewritten through the USB port, and whether the rewriting operation has been checked for safety.

  Tencent Security Xuanwu Lab conducted a survey on fast charging chips on the market and found that nearly 60% of the code can be updated through the USB port, and the security risks cannot be ignored. So, does "BadPower" pose a threat to user privacy and security?

  "The size and hardware capabilities of normal fast charging devices on the market are limited and cannot perform complex malicious behaviors. Therefore, the currently disclosed'BadPower' attack will not cause user privacy leakage problems." Zhang Chao said.

  However, if the manufacturer provides strong computing power for the fast charging device, or the attacker sends a fake fast charging device to the user. Then, attackers have the opportunity to use fast charging devices to launch more complex attacks, which may bring serious security risks to users, such as privacy data leakage and smart devices being controlled.

  In recent years, attacks like "BadPower" have also emerged in endlessly. Tencent Security Xuanwu Lab also previously disclosed a "BadBarcode" attack, that is, the scanner can be attacked through a malicious barcode, and then the device connected to the scanner (such as a cash register computer) can be controlled; and some are by reverse engineering the firmware of the U disk Reprogramming and performing malicious operations; in addition, there have been security incidents such as using QR codes to invade smart devices for attacks, and using charging piles to attack electric vehicles.

  Safety hazards need manufacturers to cure

  How to effectively avoid and solve the problems caused by "BadPower"?

  "It is recommended that users should raise their safety awareness, for example, do not connect digital products with unidentified devices, including free chargers, USB flash drives, etc. At the same time, do not easily lend their own chargers, power banks, etc. to others." Zhang Chao Say.

  Liu Ximeng said that consumers’ property security rights include not only personal safety when using goods and receiving services, but also that goods and services do not pose a safety threat to consumers’ other property. Therefore, if a user uses a fast charging device of inferior quality and causes a safety problem, he can protect his rights through legal procedures.

  However, the "BadPower" problem will eventually need to be cured by the manufacturer.

  On the technical level, the firmware of charging equipment generally uses a single-chip microcomputer to program and debug. Many manufacturers directly combine the charging USB interface and the debugging interface into one, which will cause the equipment to be prone to security loopholes and virus intrusion. Therefore, Liu Ximeng suggested that technically, the charging USB interface and the debugging interface should be separated, and the USB interface and the debugging interface should be encrypted at the same time to prevent external intrusion.

  At the same time, when designing and manufacturing fast charging products, manufacturers can prevent the threat of "BadPower" attacks by improving the security verification mechanism of firmware updates, performing strict security checks on device firmware codes, and checking for common software security vulnerabilities.

  It is understood that Tencent Security Xuanwu Lab has reported the "BadPower" issue to the National Information Security Vulnerability Sharing Platform and communicated with relevant vendors to jointly promote the entire industry to take active measures to eliminate the "BadPower" issue. At the same time, some industry experts suggest that the technical requirements for safety verification should be included in the national standards for fast charging technology.

  The "BadPower" attack also reminds us once again that with the digitization of human production and life, the boundaries between the digital world and the physical world are becoming increasingly blurred.

  "The root cause of security threats is that the industry has not yet realized the importance of security and has not implemented security in the design process; on the other hand, the security risks introduced by the supply chain have not been fully understood. Therefore, the number Security issues will become physical security issues." Liu Ximeng pointed out that we must strengthen the awareness of security protection in aspects such as data privacy.

  Zhang Chao believes that due to technical and cost limitations, human factors, etc., security threats cannot be completely eliminated, and the offensive and defensive game will always iteratively evolve. It is the most economical way for users to improve their security awareness. Vigorously developing the network security industry, opening up the ecosystem of production, learning and research, and relying on professional security talents and products to improve the protection capabilities of manufacturers and users are the most effective means to counter the endless security threats.

  Our reporter Xie Kaifei, correspondent Xu Xiaofeng and Wang Yixi