Follow

BADPOWER: a Chinese firm has demonstrated a working hack to convince the firmware in dozens of power banks to push enough power to make the connected device halt and catch fire (or, more likely, catch fire and halt)

via gizmodo, as I cannot read the Chinese blog post: gizmodo.com/new-hack-can-trick

xlab.tencent.com/cn/2020/07/16

please :donotatme:​ about threat profiles, requirement for physical access, efficacy rate, or any such related to this hack. thank.

Show thread

@dotUser when we define specifications for power delivery that include negotiation, we mandate that things like batteries end up with firmware 🤷

@djsundog So the bad firmware causes the power bank to raise its output voltage? The Gizmodo article was total junk, all "Sends more electricity than the device can handle" and stuff.

@ifixcoinops yeah, close as I can tell it's exploiting the negotiation between the power bank and the device and intentionally charging at a higher voltage than the device can handle without a thermal event

@djsundog And to think, not too very long ago, it was pretty well decided and established that USB meant 5 volts, no more, no less.

@ifixcoinops @djsundog Can't wait for the fix to be some DRM horseshit where chargers won't work without a key exchange.

Sign in to participate in the conversation
reclaim.technology

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!