Author Topic: Hackers Can Now Trick USB Chargers To Destroy Your Devices  (Read 7527 times)

0 Members and 1 Guest are viewing this topic.

Offline Syntax Error

  • Frequent Contributor
  • **
  • Posts: 584
  • Country: gb
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #25 on: July 22, 2020, 11:08:17 am »
@tom66 - No need to connect to the device National Grid, just any suspicious USB charger port, such as those on the school bus.

@Berni - This just needs to be a inline box that sits between the charger cable and the target device. It's about the size of a cigarette packet.

Also for your challenge, come up with a catchy name for your protection device.
 

Offline Mr Evil

  • Regular Contributor
  • *
  • Posts: 76
  • Country: gb
    • mrevil.asvachin.com
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #26 on: July 22, 2020, 11:52:55 am »
I've not read the specs, but sure it's the fault of the manufacturers. However the USB Implementers Forum (who are in control of the standard) should have anticipated this possibility - after all, the image of the USB PD standard risks becoming severely tainted if this turns out to be a significant real-world problem.

It isn't an easy issue to deal with in the specifications; it's one thing proving a product conforms when operated as intended but how can you prove it continues to conform in the face of an almost infinite variety of possible malign external attacks, especially when in the firmware of the microcontroller in control of the charger?

That is why I suggested that chargers should only be approved where sufficient proof exists that the critical charging voltage negotiations between the charger and the device to be charged and the actual generation of the selected voltage to the interface could only be compromised by physical modification of the product. It would likely add considerable costs and would work to the advantage of the big players at the consumers expense.
Maybe the spec could have been better; I don't know because I haven't read it either. I don't think it's reasonable or even possible to prevent crap hardware from being created though. Consider that the original USB 1 faced a comparable problem with the possibility of damage from connecting two USB hosts together, as they would both try to supply power on the same wire. To prevent that, A-to-A cables were disallowed, and yet that didn't stop manufacturers from creating peripherals with USB-A sockets on them, and A-to-A cables to go with them! They often have the USB logo on them too, despite the logo only being legally permitted on devices that are compliant.

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6120
  • Country: au
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #27 on: July 22, 2020, 12:12:53 pm »
I don't recall a single brand-name phone blowing up or having their port destroyed because of it. Many are designed (within reason) to cop what owners throw at them.
When mains goes to your DC-, no phone unless it is plastic cased, can protect the user from being fried. Phone protection circuit protects against differential mode spikes, not common mode.

No one is talking about the user being fried. This thread is specifically about devices being destroyed.
 

Offline Syntax Error

  • Frequent Contributor
  • **
  • Posts: 584
  • Country: gb
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #28 on: July 22, 2020, 12:20:02 pm »
Quote
No one is talking about the user being fried. This thread is specifically about devices being destroyed.
Maybe place a crowbar mosfet plys a spark gap across the input VUSB/GND?
 

Offline JoeyG

  • Regular Contributor
  • *
  • Posts: 137
  • Country: au
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #29 on: July 22, 2020, 01:18:59 pm »
Protection
 

Offline Zero999

  • Super Contributor
  • ***
  • Posts: 20357
  • Country: gb
  • 0999
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #30 on: July 22, 2020, 02:04:15 pm »
All this talk of protection to 400VAC is BS. The maxiumum output voltage of  USB-C is only 20V. It's trivial to design a protection circuit to withstand that. I'd go for overvoltage protection up to 24V, just in case, but that's still easy and inexpensive to implement.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 5050
  • Country: si
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #31 on: July 22, 2020, 07:40:55 pm »
Yeah to be fair 24V does seam like a reasonable bar for protection. But then again something that can handle multiple amps with next to no voltage drop can be pretty bulky, especially when the whole mainboard in a phone is only the size of a few postage stamps.

Also what benefit does the manufacturer get from the extra cost and effort into adding the protection? They expect there users to buy a new phone every 2 years anyway. If a doggy charger that is the fault of the user gets that down to 1 year that's even better.
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #32 on: July 22, 2020, 08:12:03 pm »
Today's student design challenge: design a USB charging protection device and lead that is 100% safe to connect to any random public charger point. Whether that USB charger point is on a plane, a bus or attached to a cycling machine in a train station, your design will handle over voltage, over current and, provide isolation from transients, floating earths, etc. Plus, it provides a nice user friendly status LED. Don't cut and paste a design off of Google, figure it out yourself just like your classmates will have to.

There's no such circuit. Say someone designed a USB charging point that was connected directly to 3ph 415V.  No protection circuit is going to protect against that unless it is self-sacrificing.  And then it would need to have a relay/contactor/MOSFET to isolate it and even that has a maximum breakdown rating.
 
There always comes a reasonable limit for which protection circuits are designed to handle.  28V protection on a 5V USB device makes sense because it protects against the worst case of a failed cigarette-lighter charger in a 24V vehicle.  Beyond that point failures are almost certainly intentional.

You've obviously never heard of load dumps.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 
The following users thanked this post: amyk

Online tom66

  • Super Contributor
  • ***
  • Posts: 7334
  • Country: gb
  • Electronics Hobbyist & FPGA/Embedded Systems EE
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #33 on: July 23, 2020, 06:30:31 am »
You've obviously never heard of load dumps.

Of course load dumps are a thing, but you'd be having a remarkably bad day if you happened to have your device connected to one while a load dump occurred, while the charger was short circuited and malfunctioning, and the charger had no load dump provision at all on its input.

The point is you need to stop at some point and engineering a phone to survive 120V from a 28V load dump given it normally charges on 5V is not going to be easy. Maybe it is something an industrial smartphone could do.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 5050
  • Country: si
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #34 on: July 23, 2020, 04:13:35 pm »
I think its more the case that a load dump would blow up a cheap cigarette socket USB charger since most are not all that well made. And the failure mode of buck DC/DC converters is often to just let the full input voltage trough. Still a load dump is rather rare is likely to fry something else too.

But yeah its ridiculous to try and design a phone to handle that. I do think it would make sense to survive 24V if you have a USB-C port on the phone. But i can see why a lot of phone manufaturers wouldn't bother with the extra cost and the effort to find room inside the phone for an additional bulky power IC.
 

Offline asmi

  • Super Contributor
  • ***
  • Posts: 2860
  • Country: ca
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #35 on: August 13, 2020, 02:11:04 pm »
https://www.oppo.com/en/newsroom/press/oppo-launches-125w-flash-charge-65w-airvooc-wireless-flash-charge-and-50w-mini-supervooc-charger/
That page seems to be full of marketing BS. First of all, USB PD only goes up to 100 W (20V@5A), and even that is only with EC-marked cable certified to withstand 5 A current - non-EC cables are only allowed 3 A, so 60 W max. Second - what kind of battery will be able to take such huge charging current without exploding anyway? I have S9+ phone, and it's "quick charge" is only 5V@2A, so 10 W total (measured it on 45 W USB-C PD power supply which I use for my own USB-C PD development). USB-C allows up to 5V@3A (15 W) without all of that PD business, with a simple pair of resistors. I'm yet to actually hold in a hand a phone that raises the charging voltage above 5 V, but USB-C spec requires all devices to withstand 20 V regardless of what it actually needs or uses. It also needs to withstand 20 V on CC lines (because these lines are right next to Vbus ones, so they might get connected for a moment during connection/disconnection). USB PD sinks are required to ensure Vbus voltage is Vsafe5V before they proceed with any power negotiations, and a "charger-that-is-stuck-at-20V" is a recognized failure mode that all USB-C compliant devices need to be able to handle. Finally, building a reliable over-voltage protection is not a rocket science - polyfuse + crowbar circuit were invented a long time ago.

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #36 on: August 13, 2020, 02:22:24 pm »
I think its more the case that a load dump would blow up a cheap cigarette socket USB charger since most are not all that well made. And the failure mode of buck DC/DC converters is often to just let the full input voltage trough. Still a load dump is rather rare is likely to fry something else too.

But yeah its ridiculous to try and design a phone to handle that. I do think it would make sense to survive 24V if you have a USB-C port on the phone. But i can see why a lot of phone manufaturers wouldn't bother with the extra cost and the effort to find room inside the phone for an additional bulky power IC.

Does the protection have to be anything fancier than a mosfet pass transistor that can block the current?
 

Offline asmi

  • Super Contributor
  • ***
  • Posts: 2860
  • Country: ca
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #37 on: August 13, 2020, 02:56:27 pm »
It is not PD.
Yes, I said above - it's BS, not PD.

Just about every Chinese phone and the yet to be released iPhone 12 have joined this war of number. 40W is practically the minimum. Samsung is lame.
Chinese are known to not care about safety as much as they rest of the world. You might want to read up on where this 20V@5A limit came from - this is not just a random number.

USB is an open standard, meaning USB-IF has no legal ways of mandating compliance. You will be surprised at how few things are actually USB compliant in everyday life.
Technically they do - you are only supposed to put USB logo on compliant devices. Whether they actually do it is a separate discussion.

Try building a 40W+ power path with 99.x% efficiency requirement with 5x overvoltage protection in the very limited left over space (apart from huge SoC, memory, storage and RF chips) on a phone motherboard and open my eyes.
I don't see a big problem doing so. But again, there is no need to do so as every USB-C device is required to withstand 20 V - like I said above, this is a recognized failure mode that needs to be tested for in order to be compliant, and no firmware on a PS can cause it to output higher than 20 V as it's a HW limitation.

Offline asmi

  • Super Contributor
  • ***
  • Posts: 2860
  • Country: ca
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #38 on: August 13, 2020, 03:20:41 pm »
Who cares if it is PD? What makes you think only USB-IF endorsed power delivery schemes are allowed? This VOOC thing has nothing to do with PD.
I do. Whatever you think about USB-IF (and I have my reasons to dislike them to put in mildly), the big advantage of PD is it's universality. I can connect any PD charger to any USB-C device and know that one of two things will happen -1) it works/charges, even if perhaps slowly, or 2) it doesn't work and complain about insufficient power. But most importantly, I know that one thing will absolutely NOT happen - either device will receive a permanent damage.

The law says okay, technically it is okay, and the market people thinks it is a good feature, so why not make it? War of numbers, this is what drives consumer electronics to develop.
With enough market incentive and legal workaround, more radical solutions will be proposed. It is not about if, it is about when. Welcome to capitalism.
The law doesn't say it's OK. That's the point. Like I said - go and read up on where USB PD limit came from.

Then there would not be so many dead "tri star" chips on Apple products.
Since the type C trend, every device shows the same spike of failure mode of USB-C PMIC blowing up.
I'm pretty sure PMIC designers of Maxim/TI/whatever are smarter than most of us.
Apple are known to cut corners on their HW, and pretty much any of their device has at least some kind of HW fuck up. So they are hardly a good example. I evaluated a few USB PD power controllers, and all of them were able to handle 20 V just fine. If someone does something stupid, it doesn't mean there is no better way.

Offline asmi

  • Super Contributor
  • ***
  • Posts: 2860
  • Country: ca
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #39 on: August 13, 2020, 03:38:07 pm »
Not how it works here. In China we don't care about patents, so chargers you buy here are all so called multi protocol.
It's not common to find a type C charger to do PD, QC, FCP, SCP, AFP, DCP, and more, all in one.
I don't care how things work in China. I have enough to worry about in my own country to care what happens elsewhere.

Just grab a 65W charger and it will work on practically any devices.
And what do you do if your phone explodes in your hand due to some kind of incompatibility?

They can get around with it with warning signs and cable DRM. Vivo sells worldwide, you are welcomed to sue them. I'd appreciate a cut if you manage to make big chunks of money from them.
They know better than selling this junk in countries which actually care about their people, and where selling dangerous piece of junk can have serious legal consequences.

Offline asmi

  • Super Contributor
  • ***
  • Posts: 2860
  • Country: ca
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #40 on: August 13, 2020, 04:37:29 pm »
All fast charge standards are backwards compatible, and each have their unique way of entering.
Without triggering it, it does not output high voltage, unless in this topic where it gets intentionally hacked.
It should not do that, but that doesn't mean it won't. Like I said repeatedly (and you repeatedly ignored), this condition is a known failure mode of USB PD that all compliant devices have to be tested against. So no USB-C compliant device will receive any damage if power supply will provide the maximum voltage right from the get go. This, of course, will not work if some "genius" decides that 20 V is not high enough and allow going nigher in their "custom" protocol pulled out of his ass.

In the next few years you will not say the same thing. 10 years ago nobody would consider USB to deliver 100 watts of power.
I can pretty much guarantee you it won't happen, at least not here. In China - maybe, they seem to enjoy killing their own people.

Offline asmi

  • Super Contributor
  • ***
  • Posts: 2860
  • Country: ca
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #41 on: August 13, 2020, 05:28:40 pm »
You are confusing design issues with engineering issues. A bad design is fundamentally flawed, a bad engineering can be improved.
Safety hazards on fundamental logic is a design issue, safety hazards on bugs and sabotage is an engineering issue, which can be fixed.
Again you skipped the most relevant part. Compliant USB-C device is immune to the "attack" described here by design. It's only by adhoc "improvements" done by incompetent people is how you wreck everything.

That's how your country enters the third world.
No, it's the opposite - killing your own people is how countries stay in the third world, which is where China is right now, and where it will stay for foreseeable future.

Offline asmi

  • Super Contributor
  • ***
  • Posts: 2860
  • Country: ca
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #42 on: August 13, 2020, 07:07:37 pm »
If you dump 20V to a laptop's type C port when it is in 5V source mode like a normal USB host, even if it is rated for 20V, it WILL blow up.
Voltage can't be "dumped" anywhere - that's not how it works. If you connect bad charger that is stuck at HV for some reason, nothing bad will happen if the port is designed and tested properly.
Power role settings can make critical differences. SMC fuck ups is the No. 1 reason why MacBook, particularly 12" ones, blow up its USB port.
And Apple is not the only one. Other computers are also known to blow up if you source voltage to its C port without negotiation.
It is the responsibility of the PSU not to fuck up and I have no idea why anyone will think it is the device's responsibility to survive a bad PSU.
Standard protection against a bad PSU is TVS+fuse, and if the fuse pops, you need to service it. It has been the main protection of devices for the past century and I see no reason to change this paradigm.
Again, the fact that someone screwed up doesn't mean it's impossible to implement properly. It's just someone is either incompetent, or they knowingly decided to cut corners in implementation, relying on a second party to behave properly.

I shouldn't have been wasting my time discussing industrial design issues with someone from a country making its main income from selling natural resource.
:-DD  :-DD  :-DD

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #43 on: August 13, 2020, 08:23:02 pm »
Consumers do see fast charging as a benefit when buying a phone -  that, and large capacity batteries, and/or low power consumption.

Especially now that smartphones are no longer a "new thing", even Grandma knows what their main shortcoming is...  i.e., they run out of power, usually at the most inconvenient / annoying times!

So, I would definitely expect technology to keep moving in the direction of faster charging,  since that is cheaper/lighter than installing a bigger battery...



PS.  I still don't see why a MOSFET in series with the incoming power won't solve the protection problem.  It can just block the power if the phone can't handle the voltage.  No need for crowbars etc -  just go to a high impedance state.
« Last Edit: August 13, 2020, 08:25:14 pm by SilverSolder »
 

Online NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9319
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #44 on: August 13, 2020, 10:48:18 pm »
10 years ago nobody would consider USB to deliver 100 watts of power.
Over 20 years ago, there was an unofficial extension to USB to provide up to 144W. It was implemented as a separate part of the connector so none of the problems with changing voltages.
https://en.wikipedia.org/wiki/PoweredUSB
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline eti

  • Super Contributor
  • ***
  • !
  • Posts: 1801
  • Country: gb
  • MOD: a.k.a Unlokia, glossywhite, iamwhoiam etc
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #45 on: August 15, 2020, 12:01:31 am »
Skimmed the title, saw the word "hackers" being misunderstood, exploited for clicks and abused, didn't waste time reading.
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #46 on: August 15, 2020, 12:59:13 am »
Skimmed the title, saw the word "hackers" being misunderstood, exploited for clicks and abused, didn't waste time reading.

But you did waste your time (and ours) telling us that.  :palm:
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline Ed.Kloonk

  • Super Contributor
  • ***
  • Posts: 4000
  • Country: au
  • Cat video aficionado
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #47 on: August 15, 2020, 01:37:26 am »
Skimmed the title, saw the word "hackers" being misunderstood, exploited for clicks and abused, didn't waste time reading.

But you did waste your time (and ours) telling us that.  :palm:

Title skimmage is a thing, apparently.
iratus parum formica
 
The following users thanked this post: eti

Offline eti

  • Super Contributor
  • ***
  • !
  • Posts: 1801
  • Country: gb
  • MOD: a.k.a Unlokia, glossywhite, iamwhoiam etc
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #48 on: August 15, 2020, 03:36:03 am »
Skimmed the title, saw the word "hackers" being misunderstood, exploited for clicks and abused, didn't waste time reading.

But you did waste your time (and ours) telling us that.  :palm:

Title skimmage is a thing, apparently.

Lolage!
 
The following users thanked this post: Ed.Kloonk

Offline eti

  • Super Contributor
  • ***
  • !
  • Posts: 1801
  • Country: gb
  • MOD: a.k.a Unlokia, glossywhite, iamwhoiam etc
Re: Hackers Can Now Trick USB Chargers To Destroy Your Devices
« Reply #49 on: August 17, 2020, 12:09:10 am »
Skimmed the title, saw the word "hackers" being misunderstood, exploited for clicks and abused, didn't waste time reading.

But you did waste your time (and ours) telling us that.  :palm:

And along you trundled, and wasted more time "setting me straight" ... but I suppose you think that doesn't count eh?  ;D
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf