The Halt And Catch Fire Hack
Written by Harry Fairhead
Wednesday, 22 July 2020
You may know the mythical machine instruction "halt and catch fire" - well the machine might have halted, but it certainly didn't catch fire. In fact, finding software that can damage hardware is difficult - until now. Modern power supplies are quite easy to hack and program so that they burst into flames.
You could start by thinking "power supplies are yet another computer?!", but, yes, they are. In fact, computer power supplies are a long-neglected high-tech battleground. Back in the "old days", power supplies were simple - a transformer to get the voltage and a rectifier to make the AC into DC. But this simple design is hugely inefficient. You need a really big transformer and lots of cooling. This is part of the reason that old computers, even old home computers, were huge. Then electronic engineers thought about the problem and invented the switch mode power supply that converts the voltage using a much smaller transformer, or even no transformer at all. The electronics is also clever enough to monitor the output voltage and regulate things so as to keep it constant.
The switch mode power supply is what made the small personal computers possible, and later phones and tablets with their tiny chargers. Yes, the unsung heroes of the computer revolution. Then things progressed even further. Power supplies increased in intelligence until they took over the planet - not really but it's a good plot for a sci fi. What they did was become sophisticated enough to recognize when a device signaled that it was capable of accepting a faster charge. The power supply "talks" to the device being charged and they negotiate a voltage that can be used to get the fastest charge. Yes that's correct, your 5V USB cable can provide up to 20V for a faster charge - it isn't in the USB standard, but who cares.
Researchers at Xuanwu Lab, a research unit of Chinese tech giant Tencent, decided to reprogram the power supply firmware so that the negotiation would go wrong and the device would get full power, even if it couldn't handle it. You can see the result:
You can even see it in action on a video - in Chinese and hosted by Tencent:
So should we be worried?
Only in a vague, theoretical way. As the power supply wasn't connected to Bluetooth or WiFi, physical access was necessary to upload new firmware. Evidencing their inventive streak, the researchers suggest that you could make a reprogrammer look like a phone and reprogram the firmware while pretending to borrow the charger.
So as long as you keep your power supply with you and don't lend it to anyone there is no danger. However, as it becomes ever cheaper to include connectivity - a Pi Zero W is $10 and has WiFi and Bluetooth and runs Linux - eventually it will be cheaper to use something like this rather than an old-fashioned and more expensive custom part. When this happens power supplies will be in the cloud on the IoT and over-the-air upgrades will be possible - and if it is possible it will happen. Then the exploit would be much more serious - halt and catch fire indeed.
Last Updated (Wednesday, 22 July 2020)