On July 16, Tencent Security Xuanwu Lab announced a major security vulnerability named "BadPower". Then the technology circle exploded. Will our mobile phones boom like Note7? Subsequently, Tencent Security Xuanwu Lab gave a more detailed explanation of the vulnerability in an interview.
What is going on?
According to the report of Tencent Security Xuanwu Laboratory, hackers can use special devices to connect to power adapters, or control mobile phones through network intrusion, and then rewrite the firmware of the power bank/charger to output high power that mobile devices cannot accept, and then burn the devices.
Unlike previous Android software vulnerabilities, Intel "ghost, fuse" and other hardware vulnerabilities, BadPower vulnerabilities can directly attack the physical world from the "digital world", and it is conservatively estimated that hundreds of millions of devices will be affected.
How did it happen?
Yu Yang, the head of the laboratory and the top international white hat hacker, said that the smart chip in the charger and power bank was attacked this time. Both the power supply end and the power receiving end of the fast charge have the fast charge management chip, which runs the program used to complete the power negotiation and control the charging process. This time, it is the firmware of the fast charge management chip that is attacked.
In the fast charging process, the charging head of the power supply will conduct "protocol handshake" with the mobile phone and other powered devices through the power line, and then use the voltage and current that both parties can support to supply power according to the protocol. In addition, many manufacturers use special wires for fast charging with private agreements, so the charging head, equipment and power cord are indispensable. Without any one, fast charging cannot be triggered.
In this vulnerability, allowing devices that do not support fast charging to accept fast charging, allowing fast charging devices to accept high voltages that they cannot actually withstand, and actually outputting higher voltages than negotiated can overload powered devices such as mobile phones.
What will happen to the target?
In the worst case, power overload will break down the fast charge management chip/power management chip on the charging bank, mobile phone and other powered devices, and will really burn up like a "shining star in the night sky"
However, different targets and attack scenarios will have different effects. In addition to the actual overload current and voltage, it is also related to the circuit layout, components, internal structure and housing materials of the equipment. For large factory products with good materials and design, even if the chip is burnt out, they will not boom. But for products with weak materials and design, it is hard to say whether the battery, shell and other components will be affected besides burning out the chip.
At this time, it is hard to say whether the bad habit of "charging while playing with mobile phones" is good or bad. If the chip is burned off when the phone is in your hand, you may be shocked, but you may avoid a fire, but it is estimated that there will be psychological shadow
How big is the impact?
Tencent Xuanwu Security Lab tested 35 chargers, power bank and other products supporting fast charging technology on the market, and found that 18 of them had security problems, involving 8 brands and 9 different models of fast charging chips. What's worse, 11 of the 18 devices can carry out attacks without physical contact, and hackers don't even need to touch your mobile phone and charging head
There are two conditions for the "BadPower" vulnerability: first, the charging head/power bank must allow firmware rewriting through the USB port; Secondly, whether the security check will be performed for overwriting the firmware. The result is that at least 60% of the fast charging chips on the market have the function of updating firmware through USB port, so manufacturers need to take more full security considerations when using these chips.
What should I do?
You don't need to worry too much. Since hackers can make big news by rewriting the firmware of the power management chip, the device manufacturer must be able to plug this loophole. Manufacturers can help users update the firmware of charging devices through maintenance outlets. For devices that can be networked, such as mobile phones and tablets, OTA updates can also upgrade the firmware of charging devices.
For future equipment, in addition to strictly checking the firmware code, you can also turn off the firmware update function of the USB port, or add verification of the firmware validity during design and production.
As users, we should also pay attention not to lend the charging head and power bank to people of unknown origin, and not to misuse the charging bank and power bank of unknown origin, in case someone retaliates against the society. At the same time, it is recommended not to use Type-C to Mirco USB wires to charge old devices that do not support fast charging, so as to reduce the impact of attacks. Because products that support fast charging are generally better protected against overloads than products that do not support fast charging, even if attacked, the consequences will be lighter, or even unaffected.
Apple: Five Happiness One Security
The "BadPower" vulnerability sounds terrible, but the good news is that the vulnerability was reported to the national competent authority CNVD as early as March 27 this year, and relevant manufacturers are also taking active measures to eliminate the BadPower problem.
Follow our Weibo @ Love Computer
Follow our WeChat official account: playphone
Of course, we also pay attention to our Bilibili account: love computer
