Chinese researchers from Tencent Security Labs have found an exploit that lets them change the firmware on fast chargers and cause physical damage to anything that's plugged into them.
When I say physical damage, I mean real and dangerous damage, like components popping and burning, which could lead to a very serious problem since these circuits are also connected to the battery. This is something everyone needs to know about and take precautions against until manufacturers fix the problem.
Here's what is happening. For any battery-powered device to use fast charging, the device and the charger need to communicate. For example, when you plug your phone into a fast charger, the charger needs to know how much battery charge is left, what the temperature is, and what voltage is being applied to the actual charging circuit inside the phone.
A fast charger can do this because it is actually a smart device and has a microprocessor and firmware that can collect this information from the phone through the cable. The firmware isn't a full-blown operating system or anything like that, but it is coded and written to some memory inside the charger.
Some fast chargers can have their firmware updated through the same USB port that you plug your phone into. Tencent tested 35 models from different manufacturers and found that 18 of them, from eight different brands, had issues. The researchers built a method to alter the firmware from a phone or another device, after which the modified firmware could deliver far more voltage than it should and fry the device connected to it.
Tencent doesn't name the manufacturers that have built vulnerable equipment, but it's a safe bet to assume that some of us are using them. That means everyone needs to do one simple thing — never let anyone use your charger.
Besides people who might knowingly use a device that can wreck a fast charger, there is a possibility that someone could be a victim of malware that turns their phone into a BadPower machine that tries to send bad firmware to any charger it uses. Everyone needs to follow common-sense practices: 1) never install apps from shady sources, 2) let Google or another malware scanner do its thing, and 3) accept updates as soon as they are available. Even with the best practices and intentions, though, malware attacks can still happen.
Tencent says manufacturers need to do one of two things to fix this: 1) disable the ability to accept firmware updates, or 2) do what your phone does and accept only updates that are signed by the company that wrote the original firmware. Tencent has contacted the companies making the chargers in question and hasn't released any information about how to act on the exploit itself.
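The second fix, modeled in Python as an added example (not Tencent's or any charger maker's code): the charger flashes an update only if the vendor's signature over the whole package verifies. The package layout, the names, the demo key and the extra reject-older-versions check are assumptions made for this illustration.

```python
import hashlib
import struct

# Constructed demo key, NOT secure: two well-known Mersenne primes, chosen only
# so the example runs offline with the standard library (Python 3.8+).
_P, _Q = 2**521 - 1, 2**607 - 1
VENDOR_N = _P * _Q                  # public modulus, stored in the charger
VENDOR_E = 65537                    # public exponent, stored in the charger
_VENDOR_D = pow(VENDOR_E, -1, (_P - 1) * (_Q - 1))  # private, never leaves the vendor

SIG_LEN = (VENDOR_N.bit_length() + 7) // 8
HEADER = struct.Struct(">4sI")      # hypothetical layout: magic, firmware version
MAGIC = b"CHFW"                     # hypothetical magic value

def _encode_digest(body: bytes) -> int:
    """SHA-256 of the signed region, padded to modulus size (simplified PKCS#1 v1.5 style)."""
    digest = hashlib.sha256(body).digest()
    padded = b"\x00\x01" + b"\xff" * (SIG_LEN - len(digest) - 3) + b"\x00" + digest
    return int.from_bytes(padded, "big")

def vendor_sign(version: int, code: bytes) -> bytes:
    """Vendor side: package = header + code + signature over header and code."""
    body = HEADER.pack(MAGIC, version) + code
    sig = pow(_encode_digest(body), _VENDOR_D, VENDOR_N)
    return body + sig.to_bytes(SIG_LEN, "big")

def charger_accepts(package: bytes, installed_version: int) -> bool:
    """Charger side: decide whether a package received over USB may be flashed."""
    if len(package) < HEADER.size + SIG_LEN:
        return False                # too short to hold a header and a signature
    body, sig = package[:-SIG_LEN], package[-SIG_LEN:]
    magic, version = HEADER.unpack_from(body)
    if magic != MAGIC:
        return False
    s = int.from_bytes(sig, "big")
    # Verify with the public key only; any change to header or code breaks this.
    if s >= VENDOR_N or pow(s, VENDOR_E, VENDOR_N) != _encode_digest(body):
        return False
    return version >= installed_version   # also refuse to go back to older firmware
```

Because only the public key lives in the charger, pulling it out of a unit does not let anyone produce a package the check will accept.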
We already know that fast charging isn't very good for battery health and longevity, but the sky isn't falling, and nobody needs to throw away their chargers at this time. Just take the steps you need to keep the software on your phone in check, and don't share chargers or cables. You definitely do not want your phone to catch fire just because you plugged it in.
Well that's a little useless. Tencent telling us certain chargers are affected, but not telling us which ones?
It's like "You could die if you eat the fries from two popular fast food chains. Be careful and have a nice day!"