After confirming the results of the research, Xuanwu Labs decided to test BadPower by loading it onto 35 different power bricks (out of 234 available models currently on sale) and discovered that 18 of those chargers (made by eight different vendors) were susceptible to the attack.
To make matters worse, if BadPower is used to hack a power brick, there would be no external signs or easy ways of detecting that the device had been tampered with. Fortunately, for now, the attack requires the bad actor to have physical access to the power adapter. The researchers at Xuanwu claimed hacking a power adapter was as simple as connecting it to a portable, custom-designed rig that can upload malicious code to the power brick in just a few seconds. And in some cases, the researchers were able to upload BadPower just by connecting a power adapter to an infected phone or laptop.
The small upside to BadPower is that the hack can be shut down by updating a power brick’s firmware. Unfortunately, after analyzing 34 different chips used in fast charge adapters, Xuanwu researchers found that 18 of the chips didn’t have support for updatable firmware, meaning for some bricks there would be no way to protect against BadPower.
Xuanwu Labs has reached out to the vendors who made vulnerable power adapters with advice on how to protect against BadPower hacks in the future, which includes improving firmware security and including additional charging precautions to prevent a phone from overheating.
While BadPower or similar hacks don’t seem to have been used in the wild just yet, for those worried about people messing with their power bricks, BadPower serves as a good reminder that physical security remains the first line of defense when it comes to protecting your tech. Because if a hacker can’t get to your power brick, they won’t be able to upload the malicious code needed to make your power adapter go