Could your laptop’s power charger allow you to be hacked?

There are so many ways that a computer can be hacked. It’s almost too many but over the summer a new method was discovered. With this new discovery a laptop can be compromised just by charging its batteries. While you may not need to unplug your power cable right this second this is something that you should keep in the back of your mind, especially since tech gifts are extremely popular at this time of year.

Background

One of the newer technological innovations of computers in general and laptops in particular is the use of USB-C. These ports are faster and they can carry enough power to charge your laptop’s batteries. No more power cable needed! This has the potential to make more room on the motherboard and to allow for more space that can be used for other cables. Your laptop just became more powerful and potentially gained the ability to interact with more devices.

The issue

The issue starts with the USB charger as this issue makes it possible to compromise it. Components can be altered in such a way that it does not affect the ability to charge the computer but malware can be inserted as can rootkits or viruses. In a report done by the BBC a security researcher demonstrated this and got the computer to show a fake login screen that would gather any information typed into it.

Most of what would be entered into a fake login screen or website would be user credentials. Considering most people use the same password for many different utilities that can leave an attacker in possession of that password and allow them to gain access to who knows how many accounts. The user is unaware that this is going on since the charger is doing what it is supposed to and providing power.

What is being done

What makes USB so popular is its simplicity. Plug and Play is one of the great innovations of modern computing. You can plug any USB device in and within a few seconds it is usually recognized and working. These particular kinds of attacks are really not new, they have been used on smartphones for years (both by hackers and law enforcement) since they utilize the same cable and port to both charge and to connect to a computer. This is just the next logical step and is now possible for computers given the advancements of USB-C.

Security experts are warning people to at the very least keep an eye on their chargers and to be wary of using a charger in a public place or from a stranger. Examine any charger for signs of tampering like missing screws or damage around the screws that would indicate use. What may be worse is government regulation. In the European Union legislation is being considered to standardize chargers to attempt to reduce waste and provide consumer flexibility. That means that a standard USB-C charger could be tampered with and potentially be able to attack any type of computer rather than just one brand.

The Chinese problem

China also plays a role in this. With many computers (some estimates put it at over 90% of all computers made) being made in China this opens the doors for the devices to be tampered with from the beginning with the tampering being covered up by the manufacturer. Given China’s already prolific hacking ability this just adds one more tool potentially to their toolbox. They have already done something like this when extra chips were hidden and included with hardware made by Supermicro, the leading manufacturer of server motherboards in the world.
While the motherboards were made in San Jose, California the components were made in China.

Their products were used by both Apple and Amazon through computers developed by a company called Elemental. When the computer was turned on it changed the way the operating system ran and created a backdoor which allowed for outside access. Amazon had also been working with the CIA on a drone surveillance project and Elemental’s servers could also found in the Department of Defense, on US Navy vessels and in several large companies. Oh and they were also used by government for teleconferencing. The chip was detected when Amazon purchased Elemental and sent their servers off for testing. With computer motherboards being a potential target for tariffs in a trade war with China it may lead to manufacturers leaving China. For security that may be the best thing that could happen for the US.

So for now it may be best not to get rid of that electric power charger that came with your computer. When you are in a public place or a hotel it may be best for your own security to use that. Keep your devices charged using trusted power sources and cables. It is scary to think that we now how to worry about our security when we are doing something as simple and necessary as charging the batteries of our own computers and smartphones.

Comments are closed.

Scroll to Top