BadPower: an attack on fast-charging adapters that can cause a device to catch fire

Security researchers from the Chinese company Tencent have presented (interview) a new class of attacks, BadPower, aimed at compromising chargers for smartphones and laptops that support a fast-charging protocol. The attack causes the charger to deliver excessive power that the equipment was not designed to handle, which can lead to failure, melting of components, or even the device catching fire.


The attack is carried out from the victim's smartphone, control of which has been seized by the attacker, for example by exploiting a vulnerability or introducing malware (the device acts as both the source and the target of the attack at the same time). The method can be used to physically damage a device that has already been compromised and to carry out sabotage that could start a fire. The attack applies to chargers that support firmware updates and do not verify the downloaded code with a digital signature. Chargers that do not support flashing cannot be attacked. The extent of possible damage depends on the charger model, the power output, and the presence of overload protection mechanisms in the devices being charged.

The USB fast-charging protocol involves a process of negotiating the charging parameters with the device being charged. The device being charged sends the charger information about the supported modes and the permissible voltage (for example, instead of 5 volts, it reports that it can accept 9, 12 or 20 volts). The charger can monitor the parameters during charging, change the charging rate and adjust the voltage depending on temperature.

If the charger recognizes parameters that are too high, or if changes are made to the charging control code, the charger can output charging parameters that the device was not designed for. The BadPower attack method involves corrupting the firmware or loading modified firmware onto the charger, which sets the maximum possible voltage. The power of chargers is growing rapidly; for example, Xiaomi plans to release devices next month that support 100W and 125W fast-charging technologies.

Of the 35 fast-charging adapters and external batteries (power banks) tested by the researchers, selected from 234 models available on the market, the attack was applicable to 18 devices made by 8 manufacturers. The attack on 11 of the 18 problematic devices was possible in a fully automatic mode. Replacing the firmware on 7 devices required physical manipulation of the charger. The researchers concluded that the level of security does not depend on the fast-charging protocol used, but is related solely to the ability to update the firmware over USB and to the use of cryptographic mechanisms for verifying operations on the firmware.

Some chargers are flashed through a standard USB port and allow the firmware to be changed from the attacked smartphone or laptop without special equipment and without the device owner noticing. According to the researchers, about 60% of the fast-charging chips on the market allow firmware updates through the USB port in end products.

Most of the problems associated with the BadPower attack technique can be fixed at the firmware level. To block the attack, manufacturers of the problematic chargers were asked to strengthen protection against unauthorized firmware modification, and manufacturers of consumer devices were asked to add further overload control mechanisms. Users are advised not to use Type-C adapters to connect fast-charging devices to smartphones that do not support this mode, because such models are less protected against possible overloads.
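
The following added example (not from the original article or from the researchers) models the kind of device-side overload control recommended above: the device compares the VBUS voltage it measures itself against the level it negotiated, and latches its input off when the charger exceeds it. The type and function names, the 10% tolerance and the three-sample debounce are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed policy values for illustration; not taken from any specification. */
#define TOLERANCE_PCT 10 /* allowed overshoot above the negotiated level */
#define TRIP_SAMPLES  3  /* consecutive over-limit samples before tripping */

typedef enum { GUARD_OK, GUARD_WARN, GUARD_TRIPPED } guard_status;

typedef struct {
    uint32_t negotiated_mv; /* voltage this device asked for (5000, 9000, ...) */
    uint32_t device_max_mv; /* absolute maximum the input stage is rated for */
    unsigned bad_samples;   /* consecutive over-limit readings so far */
    bool     tripped;       /* latched: input stays off until reconnect */
} vbus_guard;

/* Record the negotiated level; refuse a request the hardware cannot take. */
bool guard_set_contract(vbus_guard *g, uint32_t requested_mv, uint32_t device_max_mv)
{
    if (requested_mv == 0 || requested_mv > device_max_mv)
        return false;
    g->negotiated_mv = requested_mv;
    g->device_max_mv = device_max_mv;
    g->bad_samples = 0;
    g->tripped = false;
    return true;
}

/* Feed one VBUS reading (millivolts) taken by the device's own ADC. */
guard_status guard_sample(vbus_guard *g, uint32_t measured_mv)
{
    uint32_t soft_limit = g->negotiated_mv + g->negotiated_mv * TOLERANCE_PCT / 100;

    if (g->tripped)
        return GUARD_TRIPPED;              /* stays latched */
    if (measured_mv > g->device_max_mv) {
        g->tripped = true;                 /* gross overvoltage: no debounce */
        return GUARD_TRIPPED;
    }
    if (measured_mv > soft_limit) {        /* above what was negotiated */
        if (++g->bad_samples >= TRIP_SAMPLES) {
            g->tripped = true;
            return GUARD_TRIPPED;
        }
        return GUARD_WARN;
    }
    g->bad_samples = 0;                    /* a clean sample resets the count */
    return GUARD_OK;
}
```

The guard trusts only the device's own measurement, so it still works when the charger's firmware has been replaced and ignores the negotiated level.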



Source: opennet.ru
