Masu binciken tsaro daga kamfanin kasar Sin Tencent () sabon nau'in hare-haren BadPower da nufin kayar da caja don wayoyin hannu da kwamfyutocin da ke tallafawa . Harin yana ba da damar caja don watsa wutar lantarki mai yawa wanda kayan aikin ba a tsara su don sarrafa su ba, wanda zai iya haifar da gazawa, narkewar sassa, ko ma wutar na'urar.
An kai harin ne daga wayar salular wanda aka azabtar, wanda maharin ya kama shi, alal misali, ta hanyar amfani da rauni ko gabatar da malware (na'urar tana aiki a matsayin tushen da manufa ta gaba ɗaya). Ana iya amfani da hanyar don lalata na'urar da aka riga aka lalata ta jiki da kuma aiwatar da sabotage wanda zai iya haifar da gobara. Harin ya shafi caja masu goyan bayan sabunta firmware kuma ba sa amfani da tabbatar da lambar zazzagewa ta amfani da sa hannun dijital. Caja waɗanda basa goyan bayan walƙiya ba su da sauƙin kai hari. Matsakaicin yiwuwar lalacewa ya dogara da samfurin caja, ƙarfin wutar lantarki da kuma kasancewar hanyoyin kariya masu yawa a cikin na'urorin da ake cajin.
Yarjejeniyar caji mai sauri na USB tana nuna tsari na daidaita sigogin caji tare da cajin na'urar. Na'urar da ake cajin tana isar da bayanai zuwa caja game da hanyoyin da aka goyan baya da kuma halattaccen ƙarfin lantarki (misali, maimakon 5 volts, an ruwaito cewa tana iya karɓar 9, 12 ko 20 volts). Caja na iya saka idanu sigogi yayin caji, canza ƙimar caji da daidaita ƙarfin lantarki dangane da zafin jiki.
Idan caja ya gane a fili maɗaukaki maɗaukaki ko canje-canje ga lambar sarrafa caji, caja na iya samar da sigogin caji waɗanda ba a ƙirƙira na'urar ba. Hanyar harin BadPower ya ƙunshi lalata firmware ko loda firmware da aka gyara akan caja, wanda ke saita matsakaicin yuwuwar wutar lantarki. Ƙarfin caja yana girma da sauri kuma, alal misali, Xiaomi wata mai zuwa don sakin na'urori masu goyan bayan fasahar caji mai sauri 100W da 125W.
Daga cikin adaftan caji mai sauri 35 da batura na waje (Power Banks) waɗanda masu binciken suka gwada, waɗanda aka zaɓa daga samfuran 234 da ake da su a kasuwa, harin ya shafi na'urori 18 da masana'antun 8 suka kera. Harin akan 11 daga cikin na'urori masu matsala 18 ya yiwu a cikin cikakken yanayin atomatik. Canza firmware akan na'urori 7 yana buƙatar sarrafa cajar ta zahiri. Masu binciken sun yanke shawarar cewa matakin tsaro bai dogara da tsarin caji mai sauri da ake amfani da shi ba, amma yana da alaƙa kawai da ikon sabunta firmware ta USB da kuma amfani da hanyoyin ɓoye don tabbatar da aiki tare da firmware.
Wasu caja suna walƙiya ta hanyar daidaitaccen tashar USB kuma suna ba ku damar canza firmware daga wayoyi ko kwamfutar tafi-da-gidanka da aka kai hari ba tare da amfani da kayan aiki na musamman ba kuma an ɓoye daga mai na'urar. A cewar masu bincike, kusan kashi 60% na guntuwar caji mai sauri akan kasuwa suna ba da damar sabunta firmware ta tashar USB a samfuran ƙarshe.
Yawancin matsalolin da ke da alaƙa da fasahar harin BadPower za a iya gyara su a matakin firmware. Don toshe harin, an nemi masana'antun caja masu matsala don ƙarfafa kariya daga gyare-gyaren firmware mara izini, da masu kera na'urorin mabukaci don ƙara ƙarin hanyoyin sarrafa kaya. Ba a ba da shawarar masu amfani su yi amfani da adaftan tare da Type-C don haɗa na'urorin caji mai sauri zuwa wayoyin hannu waɗanda ba sa goyan bayan wannan yanayin, tunda irin waɗannan samfuran ba su da kariya daga yuwuwar lodi.
source: budenet.ru