Friday, July 24, 2020

BadPower Attack - vulnerability discovered by Chinese security researchers

What is a "BadPower" attack - it is a type of attack where a fast charger connected to your mobile device, such as a smartphone or laptop, delivers more power/voltage than the device can handle, resulting in melting components and the device eventually catching fire.

How is that even possible, you ask - to answer the how part, you first need to understand how devices and fast chargers work. When you connect your smartphone to a fast charger, the smartphone and the fast charger communicate via software, and the smartphone tells the charger, for example, "I am capable of accepting 20 volts." For comparison, regular/dumb chargers only send 5 volts to the phone. Once the smartphone and the charger have negotiated the voltage, the phone starts charging. A BadPower attack is where someone modifies the software/firmware on the charger itself, so that when you connect your phone to a hacked charger, the charger immediately starts sending high voltage to the phone regardless of what the phone is capable of accepting.

Premium brands like iPhone/Google Pixel/Samsung Galaxy have built-in protection that protects their electronics when high voltage is detected, but many low-end phones do not.
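To make the idea of built-in protection concrete, here is an added example (not code from the researchers or from any phone vendor) of a device-side guard that compares the voltage actually measured on the charging input with the voltage that was negotiated, and opens the input switch when they disagree. The struct, function names, thresholds and voltage traces are all assumptions made up for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration, not taken from any real phone or charger. */
#define OVP_MARGIN_PCT   10  /* tolerated overshoot above the negotiated voltage */
#define OVP_TRIP_SAMPLES 2   /* consecutive high readings before disconnecting */

typedef struct {
    uint32_t negotiated_mv;  /* voltage the device agreed to accept */
    uint32_t hw_max_mv;      /* absolute limit of the charging circuit */
    unsigned bad_samples;    /* consecutive readings above the soft limit */
    bool     load_connected; /* true while the input switch is closed */
} sink_guard;

/* Feed one measured input voltage; returns true while charging may continue. */
bool guard_sample(sink_guard *g, uint32_t vbus_mv)
{
    if (!g->load_connected)
        return false;                       /* latched off until replug */
    uint32_t soft_limit = g->negotiated_mv + g->negotiated_mv * OVP_MARGIN_PCT / 100;
    if (vbus_mv > g->hw_max_mv)
        g->load_connected = false;          /* dangerous level: cut immediately */
    else if (vbus_mv <= soft_limit)
        g->bad_samples = 0;                 /* within what was negotiated */
    else if (++g->bad_samples >= OVP_TRIP_SAMPLES)
        g->load_connected = false;          /* sustained mismatch: cut */
    return g->load_connected;
}

/* Returns the index of the reading that opened the switch, or -1 if none did. */
int guard_run(sink_guard *g, const uint32_t *trace_mv, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!guard_sample(g, trace_mv[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed trace: 5 V was negotiated, then the charger jumps to 20 V. */
    const uint32_t rogue[] = {5000, 5100, 20000, 20000};
    sink_guard g = {5000, 22000, 0, true};
    printf("disconnected at sample %d\n", guard_run(&g, rogue, 4));
    return 0;
}
```

A single reading slightly above the margin is tolerated as a transient, while a reading above the circuit's absolute limit disconnects at once without waiting for a second sample.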

BadPower attack code can also be downloaded to your device (without your knowledge), so that when you connect your infected device to a vulnerable fast charger, the software will modify the firmware on the charger connected to the device.

Out of the 35 fast chargers that were tested, 18 were vulnerable to the BadPower hack. That is about half of them being vulnerable. What's the likelihood of you being impacted by a BadPower attack in the near future? Probably low to zero. But as researchers discover and disclose these vulnerabilities, there will be bad guys who exploit them and cause harm.

Always carry and use your own charger to avoid being exploited through this vulnerability and to protect against "Juice Jacking" attacks. Secondly, be careful which links you click in your email, because as I mentioned above, you can also download the BadPower attack code to your device without knowing about it.
