BadPower, the virus that sets smartphones on fire

Chinese researchers have demonstrated that a simple virus is enough to tamper with the smartphone charger and set it on fire

One of the most sought-after technological innovations of the moment in consumer electronics, especially on smartphones and tablets, is fast charging. The Lenovo Legion Pro that's coming to market, for example, can be recharged to the extraordinary (unthinkable until a few years ago) power of 90 watts. But even the latest 15 inch MacBook Pro is no joke: it recharges at 87 Watts.

To charge at this power, and therefore speed, two things are needed: a very powerful charger, usually based on GaN (gallium nitride) electronics and a compatible smartphone. The two devices talk to each other and set the maximum charging power, so if a fast charger is connected to a device that does not support fast charging then the charger automatically lowers the power output. In order not to damage the smartphone that, otherwise, could even go on fire. All this is regulated through the firmware of the power supply, which communicates with the firmware of the device to be charged. But what happens if this communication between the firmware is altered by a virus?

BadPower: the virus that exploits fast charging

The answer to this question is "BadPower" and, fortunately, it's just an experiment. Researchers at Xuanwu Lab, an in-house research division of Chinese giant Tencent, have demonstrated that it is possible to "tease firwmares" via an infection with malicious code. The infected firmware basically ignores the message it receives from a device that is not compatible with fast charging and starts charging it at maximum voltage (and therefore at maximum power): even if the device tolerates a maximum of 5 Volts the charger will go up to 12V, 20V or even more if it can. The result is obvious: the recharged device is seriously damaged, sometimes producing fire and flames.

BadPower: what is at risk

Tencent's experiment is simply an experiment: there is currently no virus in circulation that modifies firmware to obtain such a result. But it's a successful experiment, which shows that it's possible to do it: out of 35 fast chargers tested, 18 of them, more than half, have been tampered with.

And the bad news is another: the same result can be obtained also acting on the firmware of the device to be charged and not on the charger's one: if a smartphone with a maximum capacity of 15 Watts tells the charger to support 50 Watts or more, then it's possible to destroy it even without modifying anything in the charger. If you modify the charger, instead, you will be able to use it to "fry" practically everything that will be connected to it after the tampering. Tencent, therefore, urges manufacturers of charging devices (and devices to be charged) to put in place robust protections for the firmware that handles fast charging.