Bad Power Attack: Hackers can modify the power management IC (PMIC) firmware to make your smartphone explode remotely
We all love fast charging technology because it saves a lot of time. Its popularity has meant that most Chinese phone manufacturers now include fast charging in their gadgets. However, there is little quality control and scant respect for safety in how fast charging is implemented, which could prove fatal to the user.
A team of researchers from Tencent Security Xuanwu Lab has published a report which states that a large number of smartphones/tablets and even laptops are vulnerable to an explosion due to their fast charging feature. The Xuanwu Lab researchers have named this attack vector Bad Power.
According to the Xuanwu Lab report, threat actors could control the process of charging on a vulnerable device by rewriting a device’s firmware and causing smartphone components to burn/explode or generate electric overloads causing bodily harm to the user.
The Xuanwu Lab report explains that all power adapters feature power management circuitry that is controlled by a power management IC (PMIC). The PMIC operates based on its own independent firmware. The firmware has set security parameters that regulate the necessary power voltage and current parameters. The Xuanwu Lab report states that hackers could access this PMIC firmware, rewrite it, and make it vulnerable to Bad Power attacks through malware that resides in the terminal device. Essentially, the Xuanwu report states that threat actors could turn such devices into a time-bomb and cause them to burn/explode remotely.
(The chip burned when a powered device was attacked by BadPower)
Bad Power works by modifying the firmware of a charging device. Once modified, the threat actors can control the power output and cause it to burn or explode smartphones, tablets, or laptops. The Tencent Security Xuanwu Lab researchers tested 35 fast-charging power bricks and power banks from eight different brands, powered by nine different PMICs. During the tests, the researchers found that the PMICs in 18 out of the 35 fast-charging devices are vulnerable to Bad Power attacks. The researchers say that in these 18 fast charging chips, the legitimate firmware can easily be replaced by modified firmware. Among the 18 models, 11 models can be attacked through digital terminals that support fast charging.
The researchers say that nearly a million devices run on these PMICs, and that not only smartphones and tablets but even laptops could be vulnerable to such Bad Power attacks. Bad Power attacks could be deployed both physically and remotely, which makes this vulnerability even more dangerous.