Hacking a Power Supply

This hack targets the firmware on modern power supplies. (Yes, power supplies are also computers.)

Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can be sent to the phone without damaging the device­ -- the more juice the power adapter can send, the faster it can charge the phone.

However, by hacking the fast charging firmware built into a power adapter, Xuanwu Labs demonstrated that bad actors could potentially manipulate the power brick into sending more electricity than a phone can handle, thereby overheating the phone, melting internal components, or as Xuanwu Labs discovered, setting the device on fire.

Research paper, in Chinese.

Posted on July 21, 2020 at 6:09 AM • 46 Comments

Comments

solaricJuly 21, 2020 6:56 AM

...and? It says it requires physical access. I mean, I guess this is vaguely interesting in an abstract sense, but I honestly don't see the difference vs a garbage $2.79 charger off of eBay that doesn't even vaguely bother to follow UL standards and thus might send high voltage directly out. Which as the article notes may well have resulted in the electrocution of a woman in China many years back. Or for that matter, it'd be fairly trivial to make something that looked like a charger and simply piped mains right to the phone, that's going cause the phone (or tablet or anything else wanting low voltage DC) to have a bad day too.

So I guess I don't get the threat scenario here. The big risk of a lot of hacks is that they're very (or at least fairly) silent, and can exfiltrate valuable information or perform valuable actions using the target's resources for periods without detection. Or they don't require physical access and thus can add scale and anonymity onto an existing threat, thus completely changing the economics of it. But of someone simply wants to cause raw damage in person, well there are plenty of ways to do that. If tons of places supplied public bricks I could see that offering some potential maybe for spread, but at least IME it seems like the normal is to just have plain old outlets everywhere, not power bricks directly (though probably primarily because they'd get stolen, standardization hasn't existed, and travelers almost always have their own). Maybe that's different in other places. I have seen more integrated wireless chargers, but as a basic matter of their tech I don't think those are capable of sending much no matter what the firmware does (or we'd use them more). I know I've seen scares in the past that malicious people might leave fake chargers in airports that fry devices of the unwary, but by definition they'd be discovered almost immediately and I can't remember reading about it ever happening for real (and ubiquitous surveillance in airports these days would mean a high risk of getting caught).

I mean, nothing technical stops people from throwing rocks from overpasses into traffic, that'd cause a lot of damage too. To some extent we just rely on the fact that most people aren't jerks of that level and we have law enforcement for the rest. I think to be of interest a hack needs to have some sort of scaling or silent capability, an actual applicable unique threat scenario.

solaricJuly 21, 2020 7:18 AM

Also forgot to add

(Yes, power supplies are also computers.)

They always have been to some extent haven't they, in fact they must be one of the earliest general "also computers"? And interestingly bringing them to the masses was arguably a major factor in the computing revolution that generally doesn't get thought about much. Switched mode power supplies are really cool, efficient ways to do the conversion and became a real thing with the development of power MOSFETs in the 50s but those were really expensive/complex, used where lightweight and compact really was critical (like the aerospace industry, the Apollo Guidance Computer used a switched mode psu). I think the very first single chip IC for them was the SG1524 in 1976, and that was a big deal in letting them become ubiquitous and powering everything that came after. Steve Jobs had praise way back when for Rod Holt, who designed the switching power supply for the Apple II, and Jobs credited that for helping them make it much smaller and lighter. And they pushed on their capabilities ever since.

Anyway it's worth checking out some of the teardowns of them from the past, there was a Macbook charger teardown I remember 5ish years ago and it was wild to see what's crammed into the little bricks nobody thinks much about. Amusingly the 16-bit controller in it was something like as powerful as the first Mac.

Of course it's become every more possible to do them more cheaply with still decent results. But I guess having very smooth clean power despite potentially mediocre mains makes a lot of sense in terms of maintaining device longevity. I have zero idea what the economics are internally, but it wouldn't take much reduction in warranty claims on very expensive phones/tablets/computers to justify a reasonable investment in bundling quality chargers.

randyJuly 21, 2020 7:34 AM

About that "power supplies are also computers".

So I take that some power supply made by some company in, say China, could also feed some Chinese government malware into the cell phone through the charging cable?

IsmarJuly 21, 2020 7:36 AM

This has, for some reason, reminded me of an episodie I had while working for now defunct company, where one of the coworkers offered me a power block for free for charging my then HTC phone.
It later turned out that, after me declining kindly his offer, he opted to instal the firmware rootkit when the phone was left on my desk during my not so short visit to the toilet.
This was back in the days when spies did not have the ability to to deliver these kind of payloads remotely.
Much has changed since.
Moral of the story was to never leave your phone unattended.
BTW, Coincidentally I just got another solar power brick from local amazon store today and am now in two minds about using it 😀.

randyJuly 21, 2020 7:45 AM

@Ishmar
That sounds like a crazy story but not completely farfetched, depending on your line of work I guess. How did you find out that your phone was compromised?

myliitJuly 21, 2020 8:29 AM

Might a usb condom, at the cost of slow charging and purchasing a condom device, mitigate this?

solaricJuly 21, 2020 8:49 AM

@Ismar
Yeah I stopped getting anything power related off of Amazon. Not even worried about malicious stuff per se but just the sheer raw numbers of counterfeits (to pick a few random articles out of tons). From that first one:

In 2016, Apple filed a lawsuit against a company called Mobile Star that allegedly sold counterfeit Apple chargers through Amazon. Apple said it bought more than 100 iPhones, power adapters, and Lightning cables from Mobile Star through Amazon and found nearly 90 percent of the goods were fakes.

Woof. Yeah no thanks to that.

Although to your point as well, if anything this is probably a lot more innocent then what could (is?) be done. It's just sheer greed and being cheap. But in many cases it'd be quite feasible to make a power adapter that did indeed supply safe, high quality power... and a rootkit. It's already hard enough to detect power supplies that are "merely" horribly unsafe, most people aren't opening them up or putting them on instrumentation. But if a state-level actor flooded the market with power supplies that were indeed great, except for all the malware they tried to load? Might grab quite a bit before they were detected. Heck, even afterwards, even with a recall lots might float around for a long time.

JaimeJuly 21, 2020 8:58 AM

@solaric:
>> ...and?

This is the difference between malware causing you to reset your iPhone, and malware starting your iPhone on fire. This class of attack doesn't require physical access, it requires that the device plugged into your charger run malicious code. That is already something the security community has trouble preventing.

tfbJuly 21, 2020 10:56 AM

The flip side of this is probably more terrifying: someone puts something into your phone which, when it negotiates with the power supply, causes the result of that negotiation to something which will set the phone on fire.

Obviously the thing that leaks into your phone does so as a result of inadvisedly letting it access the internet. Equally obviously the people who wrote the bad thing know just what fast chargers live behind the sockets beside your plane seat.

And suddenly, on a given day, a lot of phones are on fire in a lot of aeroplanes.

Peter A.July 21, 2020 11:39 AM

Does it require physical access to the interior of the charger? Or just to the USB plug?
The former is of no importance, you could as well just rewire AC directly to D+/D- and shield, frying the user as well. On the other hand, if they do it through the USB protocol, it could potentially become a remote attack.

Another MouseJuly 21, 2020 11:52 AM

@Peter: think about free mobile power stations at airports, just plug your prepped phone and soon there afzer the terminal is evacuated due to fire, or even worse.

Clive RobinsonJuly 21, 2020 12:22 PM

@ Solaric,

It says it requires physical access. I mean, I guess this is vaguely interesting in an abstract sense, but I honestly don't see...

The thing you are not seeing and realy have to remember is that "charging" is infact two way communications. That is the charger has to in some way know the state of the battery. Otherwise the charger will cause over charging, generation of heat, venting of flamable gasses and a device very definitely entering "terminal meltdown".

So if the device can be attacked remotely from some kind of network then you've one remote connection to the charger through the device.

But the electrical grid is also a network, there is a very large amount of communications going on across it. Not just in the home but also as both a data network and control network. Thus it's also possible to talk to the charger from the power grid...

In times past "brown outs" caused electrical equipment to fail mainly because the power supply went out of specification and that caused other parts of it to go out of specification.

As a matter of "fun" most power supplies are actually "four quadrent" devices switchmode powersupplies especially so. This means that power flows both in and out of all their ports... If you turn the mains on and off repeatedly in the right way unless the designer has taken it into account you will cause it's outputs to go out of specification rather dramatically[1].

Thus even expensive chargers can be caused to go out of specification if the designer is realy not on the ball...

[1] Bearly all control circuits use a feedback mechanism that has a loop bandwidth. In order for them to be more efficient by being faster a peak is added to the loop response. This acts as a "resonator", the down side of which is it stores energy at that peak frequency... So if you drive the loop with that frequency then the energy will build up and up... Eventually sonething gives.

PhaeteJuly 21, 2020 12:39 PM

Nice theory, but inefficient in practice.
With access to the charger, it is easy to replace the internals with a form of capacitor charge bank and you can blow anything you plug it into.

It's all because the phones have max power handling limitations due to their small size, so it relies on the powersupply to do that.

This reminds me of the 220v cables i made with speaker/jack/rca etc plugs just to see what it did with equipment. i was 11, fuses were cheap and so were old electronics.

Mr. Peed OffJuly 21, 2020 4:10 PM

"Why is there a computer in my spoon?"

I wonder who has been making applesauce with fruit from the forbidden tree?

echoJuly 21, 2020 5:52 PM

As for the remote hack possibility and power supplies being connected to electricity sockets which provide signal transmission and receiving capabilities this provides an opportunity for griefing. It also provides a tactical ability to cause a distraction or take an asset off the table. It's the stuff of "B" movies but I have little doubt it's in someones database "just in case".

For those who think a capacitor bank would be better you have to remember this is a software hack to turn a functional device into dangerous device. The flaw allows both a pervasive threat and a cheap and relatively undetectable threat with deniability. One theoretical possibility is there may be a small overlap between a targets device with a known charging flaw and an almost okay power supply so the attack could be tuned both to the device and their use patterns. Admittedly this is 0.1% stuff but the world is large enough that 0.1% may be all you need and sometimes you just get lucky/unlucky. Another attack may be to NOT charge. Nobody thought of that one. But again we're into "B" movie territory.

The truly paranoid might suppose this isn't the hack but is actually a hack by a Chinese state controled company to to socially engineer themselves into the security industry as a "trusted source".

Like most of us I feel out of specification power supplies and dodgy batteries are a bigger concern than any deliberate attack as is simple dumb careerism and greed.

IsmarJuly 21, 2020 6:47 PM

@randy - real-life stories are often the hardest to believe.

For example, would you be prepared to believe that the FSB back in 2000 ordered bombing of a number of buildings in Moscow with huge casualties to justify invading Chechnya in order to boost Putin's chances for president elections.
This is now widely acknowledged as a true fact.
After reading of The Shadow Factory book , many would be inclined to claim that the elements of the USA intelligence community colluded with their counterparts in Saudi Arabia to offer as much support to the 9/11 bombers while still being able to play the tune of plausible deniability.

TRXJuly 21, 2020 8:34 PM

Sounds like putting regulation on the power supply instead of the device was a deliberate attempt to force people to buy overpriced matching chargers.

The first four phones I had, all had proprietary connectors. Cost a pretty penny to have a charger at work as well as at home, and the phones couldn't be charged anywhere else.

WeatherJuly 21, 2020 8:48 PM

@trx
Yep you can regular but one person will stuff it up.
I posted a boot loader to program, sure it was game over from hardware, but you can't run external code in programs, afterwards some university took it on but didn't do much apart from a press realise.
Added four bytes to a heap spray attack, you can if they are susscivlie a ids that can like iptables filter out stuff.
I rout and posted here a iptables that any confound packet would be sent to the other side of earth, if it made it.
Give advice and get a spit or pence.

DaveJuly 21, 2020 10:10 PM

It's not really much in the way of news, it's just saying that any programmable power supply, which is what a fast charger is, can be maliciously programmed to deliver power levels that the device being charged can't handle. Put USB-C PD 20V into a phone expecting 5V and you cook it. Heck, you can do that with a cheap Chinese USB-C cable that lies about its capabilities, you don't even need malware in the charger.

PhaeteJuly 22, 2020 12:03 AM

@echo

For those who think a capacitor bank would be better you have to remember this is a software hack to turn a functional device into dangerous device. The flaw allows both a pervasive threat and a cheap and relatively undetectable threat with deniability.

It's not cheap, nor a pure software hack.
You have to make your own custom hardware to upload the firmware.
Or solder connections to headers to connect it to a laptop.
With that kind of effort it is easier just to replace the innards.

A similar technique is used to upgrade some oscilloscopes that are software limited models, access firmware on ISP modems and almost anything that has firmware.

https://en.wikipedia.org/wiki/JTAG

JTAG allows device programmer hardware to transfer data into internal non-volatile device memory (e.g. CPLDs). Some device programmers serve a double purpose for programming as well as debugging the device. In the case of FPGAs, volatile memory devices can also be programmed via the JTAG port, normally during development work. In addition, internal monitoring capabilities (temperature, voltage and current) may be accessible via the JTAG port.

echoJuly 22, 2020 2:05 AM

@Phaete

Unless I'm misreading the video demonstration the hardware looked very small and cheap to my eyes. Xuanwu researchers also claim the hack can be propogated via an infected phone or laptop so no extra hardware may be required.

JTAGs have nothing to do with this hack from what I can tell.

The researchers at Xuanwu claimed hacking a power adapter was as simple as connecting it to a portable, custom-designed rig that can upload malicious code to the power brick in a just a few seconds. And in some cases, the researchers were able to upload BadPower just by connecting a power adapter to an infected phone or laptop.

PhaeteJuly 22, 2020 2:37 AM

@echo

The chinese translation is talking about a terminal connection, let me see if i can get a more detailed description.

And yes, the special hardware required i mention is what you quote as "a portable, custom-designed rig" from the article.

Only in some cases they were able to reprogram the firmware with the existing connector.

echoJuly 22, 2020 3:05 AM

@Phaete

If you're going to assert things some proper references would be helpful.

Both the power supply terminal and the power receiving terminal run a set of procedures to complete the power negotiation and control the charging process. This set of programs is usually stored in the firmware of the fast charge management chip at the power supply terminal and the power receiver terminal.

When they discuss terminal they mean the terminating device at each end of the cable. (This is consistent through their text.) At one end this will be the power supply. At the other end a "custom rig" or phone or laptop. This video shows a device ("the custom rig") the size of a matchbox made out of a small PCB and a handful of components. I doubt it's expensive and it looks like it just has enough brains to navigate the problem.

Some manufacturers have designed an interface that can read and write built-in firmware in the data channel, but they have not performed effective security verification of the read and write behavior, or the verification process has problems, or the fast charging protocol implementation has some memory corruption problems. Attackers can use these problems to rewrite the firmware of the fast charging device to control the power supply behavior of the device.

No JTAGs here... Just a data channel. The video shows them plugging the "custom rig" into the standard power supply port.

The attacker invades the user's mobile phone, notebook computer and other terminal devices in some way, and implants malicious programs with BadPower attack capabilities in them, making the terminal device an attack agent of BadPower.

Some ( I never said all) power supplies can be hijacked via a bog standard phone or laptop. No extra hardware required.

Clive RobinsonJuly 22, 2020 3:11 AM

@ ALL with electric cars,

If you have an electric car please remember it's "Charge Control and battery managment system" has more than just one microprocessor in it... Oh and is technically just as vulnerable to theses sorts of attack.

Thus the potential inconvenience of a melted / burned phone is small in comparison to your car doing the same thing in your garage, now that realy could ruin not just your day but the rest of your life...

Similar is true of solar systems involving lithium batteries (Tesla Power Wall etc) where an attacker can get a signal into the CC&BMS systems.

So now might be the time to go "Fully Off Grid" and fully activate your "Local Anti-intruder Mobilization Plan" because the true apocalypse will be Zombie Battery Chargers ;-)

WeatherJuly 22, 2020 3:29 AM

@clive, all
The batteries in a car cost $4k to replace, that's a lot of petrol, I'm sure someone that buys that car isn't short of money, maybe intelligent but that doesn't count ?)

myliitJuly 22, 2020 5:00 AM

@Clive Robinson, Weather, or popcorn eaters, in general

“... So now might be the time to go "Fully Off Grid" and fully activate your "Local Anti-intruder Mobilization Plan" because the true apocalypse will be Zombie Battery Chargers ;-)”

For the fearful/paranoid (“‘f/p’”) amongst us, regarding tablets or phones, might nightly charging using a usb condom make sense to mitigate the OP issues?

Of course then f/p people, perhaps like me, might not want to sleep with them charging, with w or w/o a usb condom, under her/his pillow (while charging) at night, afaik ...

It seems that shortly, a f/p person could end up trying to cram a lot of stuff under their pillow, at the risk of a sore neck orbad night’s sleep

WeatherJuly 22, 2020 6:33 AM

@myliit
I'm guessing a USB condom is just a USB cable with no connection to the data pins?
For the phone charging system, you have to short one pin to ground through a resistor to please the circuit in phones etc, I don't think you can just used +-5v pins, from what I read a couple months ago.

myliitJuly 22, 2020 9:31 AM

@Weather

Thanks for your response.

As a practical matter I tend to try to use Apple oem charging equipment while hoping they haven’t been inadvertently, or other, changed.

Sometimes I take a usb condom with me if I am going to be gone awhile, for backup.

In layman’s terms, my guess is the usb condom is like a relatively slow trickle charge. I assume the trickle charge may (or does) cease when the battery is full.

Anecdotally, trying to charge a dead iPad with my usb condom would take a long time; my guess, a day or two, regardless of the wattage of the charger.

echoJuly 22, 2020 8:11 PM

@myliit

Yes, when a power supply doesn't recognise a "fast charge" phone it defaults to "slow charge". This doesn't matter so much when charging a phone as batteries are relatively small. A tablet often has a larger screen and a larger power draw and a larger batter so will take longer to charge. On slow charge it will take even longer. This is to be expected. Most (all?) can run while charging.

Charging froma USB port is also an option although also "slow charge". External battery packs are available for people who don't want to be constrained to a power outlet.

Back in the day nobody had smartphones or tablets. We survived.

myliitJuly 23, 2020 2:40 AM

@echo

Thanks for the information regarding smartphones, tablets, charging, and battery packs.

OT you made me wonder if an iPad or iPhone could be run without a battery, with minimal modifications. I doubt I’ll try it, however.

IPads work while charging, or staying even, with usb condoms, iirc, at least when partially charged.

iirc, a relatively completely, or whatever, discharged iDevice appears to take a little time (perhaps a few seconds to a minute) hooked up to a charger before it boots or is bootable.

You wrote: “ Back in the day nobody had smartphones or tablets. We survived.”

The newer technology can certainly be habit forming or addictive, too.

Clive RobinsonJuly 23, 2020 3:25 AM

@ myliit,

OT you made me wonder if an iPad or iPhone could be run without a battery, with minimal modifications. I doubt I’ll try it, however.

Battery chenistry is complicated and varies significantly in effect from battery to battery.

As a rough rule of thumb all chemical batteries have a quite limited number of charge / discharge cycles. However this number is significantly effected by how much you charge and discharge.

For instance a SLAB you might find in an alarm pannel or in emergancy lights or as a motorbike battery has only a 150-400 charge cycles if you fully discharge and recharge fully. Take 10% off the top and bottom and the life goes up to 1000-1500 charge discharge cycles.

The same is true of LiPo and similar batteries used in phones, pads, laptops, electric cars and power walls.

If you want to get a good life out of them you only discharge down to 30% capacity and recharge to 90% of capacity. The problem though is that "capacity" changes with age and the pattern of discharge currents. Determining this by watching the cell voltage is actually very dificult with LiPo's unlike SLAB's.

Which is why LiPo's have quite complex BMS's across individual cells and overall chargers measure both current and time and do minor mathmatical feats such as adaptive integration.

echoJuly 23, 2020 8:14 PM

@clive @mylit

I learned this month that behind the X capacity and Y charge cycles smooth customer experience that different batteries are different even in the same power pack. This is obvious once you think about it but otherwise never conciously crossed my mind before. I daresay a lot of aftermarket battery packs aren't always the first pick of the crop which isn't a real bother. The problems are with mislabelling or those grabbed from the refuse bin which are faulty. On the plus side batteries which would otherwise be binned are being recycled back into productive use and "good enough". Negatives are fraud and dangerous products.

I read someone saying that on Amazon batteries which are "shipped by Amazon" are checked by Amazon to make sure their supply chain is reputable. These checks are not conducted with any other battery suppliers so you have to reply on their brand reputation and them conducting supply chain verification. I'm guessing similar is true with power supplies.

Food is no different in principle and post Thatcherite "big bang" and post-Brexit a lot of people are going to being for a very big shock when they discover their food is no longer the pick of the crop (India sells all of its best food production to the EU before even its own citizens) and in some cases only fit for the bin (most American foods).

Ian FitzgeraldJuly 23, 2020 9:02 PM

Goes to show, that eventually all devices connect. True "air gap" does not exist, and us such everything and anything can become a threat. This is a warning that PDU's in a datacenter are as vulnerable as your servers, and can do as much or more damage if not analyzed for vulnerability, updated with firmware, and segmented from other systems like any other network device.

Clive RobinsonJuly 23, 2020 10:04 PM

@ Ian Fitzgerald,

This is a warning that PDU's in a datacenter are as vulnerable as your servers...

I'm assuming you do mean Data Center "Power Distribution Units" (PDU) and it's not a slip of the keyboard (which happens to me way more often than it should).

@ALL

Yes PDU's are a whole different type of creature and are many country miles from "Rack harnesses" of the 80's and 90's when IP based remote power switches started making an apperance.

It was expected by "the market" that PDU sales tgis year would have been around 0.95 Trillion USD. What it will actually be is anybodies guess currently, but it should give many readers a bit of a surprise or pause for thought.

Essentially it's scope has broadened and is now a lot larger than just the racks, and kind of starts with the multiple 3phase power inputs from the grid and in many cases their remotely opperated breakers and line conditioning run by the power operating company which fronts for the grid operators.

In many cases each step of the way from the ingress point up into individual racks or blades is remotely controlable in various ways as this enables considerable power savings thus cost, whilst also increasing availability by increasing the MTBF figures.

It kind of starts reminding you as the same sort of "plum target" for attack the centrifuges in the nuclear processing plants that stuxnet went after would be to certain major powers if a cyber-war was to actually start.

People tend to forget that these days with online commerce being the way forward the likes of Amazon's data centers realy are "Key National Infrastructure" every bit as much as the myriad of communications networks, as well as the traditional power/gas/water services many would first think of.

MarkHJuly 24, 2020 3:58 AM

@echo:

I read someone saying that on Amazon batteries which are "shipped by Amazon" are checked by Amazon to make sure their supply chain is reputable.

If true, the intent of such checking might be limited to the control of risk/liability with respect to fire (Li batteries being famously dangerous in this regard).

Even so, performance and reliability are likely to benefit too.

echoJuly 24, 2020 5:19 AM

@MarkH

If true, the intent of such checking might be limited to the control of risk/liability with respect to fire (Li batteries being famously dangerous in this regard).

Even so, performance and reliability are likely to benefit too.

I don't know. The major scandal seemed to be fake batteries way before exploding batteries and their ilk became an issue. Reading around a lot of feedback "shipped by Amazon" seems to be a guarantee batteries weren't fake. I have never come across any comment discussing batteries going up in flames. Dodgy certificate labels, yes. Capacity not as stated, yes. Absolutely nothing about batteries going bang. I can't remember their name but one retailer who shipped direct had a good reputation. Maybe they had been stung a few times so had buyers who double checked their supply chain sourcing? Now I know UK retailers have been caught out by counterfiet goods and they are a real threat especially if the quality isn't there but I expect trading standards and the cops to do their job if a problem emerges.

One of the biggest markets for fakes is, I am guessing, e-cigarettes. Apparently, the US company Kangertech suffers from fakes including goods with genuine looking holograms and valid serial numbers. From what I can tell most of the accidents in this industry happened because of dodgy chargers and the majority of accidents from short circuiting because some idiot carried bare batteries in their pocket with a set of keys.

Clive RobinsonJuly 24, 2020 7:54 AM

@ echo, MarkH, ALL,

I have never come across any comment discussing batteries going up in flames.

It was so bad with early Li bats that the airline industry tried to ban then being taken on flights in the same way the hotel and hospitality industry tried to ban them being put in doors etc.

The side effect of this was that you could not get the full high current benifit of Li batteries because the industry to avoid bans put fuses in the batteries.

But even quite recently a well known designer of mobile phones had to recall a flagship product because the design of the ultra slim battery was defective and caused one or two phones to "cook off"...

However they should have been wise to the issue because Apple had one or two customers with cooked ears or scorched pants pockets from a similar issue.

Li battery energy density is not far off some explosive devices such as munitions that have caused havoc and destruction over the years. And like explosives but unlike fuels Li batteries will give up their energy without further input.

Fuels unlike explosives abd Li batteries need an additional very significant input such as an oxidizing agent or lots of heat and confinment to do much more than turn into a boiling liquid[1].

But with Li and similar hydride batteries the real concern is metal fires which can burn hot enough to melt structural metals made from aluminium or iron and even cause them to combust...

There is often a lot more to "Safety Engineering" than many people realise including most other engineers and designers. Sadly it's difficult to get some things over succinctly :-( Especially when engineering preasures are in conflict as is often the case with energy sources for force multipliers and human safety. The first safety legislation came about with boiler explosions in the Victorian era and with it the creation of engineers from artisans by the use of science, something mankind has benifited significantly from in a little more than a century.

[1] However any liquid with suitable confinment and significant heating will at some point exhibit rapidly increasing vapour preasure and with containment failure a BLEVE will result,

https://en.wikipedia.org/wiki/Boiling_liquid_expanding_vapor_explosion

With fuels they might well ignite but whilst dramatic to see the fuel only burns at the surface of the expanding vapour cloud where there is oxygen for it to do so. This happens at a very low speed as the inertia is quickly countered. This is very different behaviour to a Fuel Air Explosive where the fuel is expanded rapidly to mix with air and is then ignited from the center causing a high order preasure wave to expand at many times the speed of sound trapping the energy in the surface wave and rapidly gaining more energy from the fuel air mixture. Sometimes the fuel and oxidizer are a strange combination of dusts such as aluminium powder and "flare material" if mixed correctly by an initial charge this forms a combined cloud which if done right and detonated by a second charge burns not just with an incredibly high over preasure but it then rapidly depleates the air sucking out all the oxygen etc and rapidly creating a vacuum effect thus you can end up with what is called a hyperbaric weapon, more often called a "bunker buster" which turns some organics liquid.

echoJuly 24, 2020 9:36 AM

@Clive

As best as I can tell on Amazon worries about fake batteries predated anything going pop and I haven't discovered anyone on Amazon before or since mentioning batteries which went pop. There may be no overlap between what people are buying and the batteries which have been problematic. I wasn't shopping for large capacity or super high energy density batteries just spare batteries for an old feature phone and a now aging smartphone. I don't know what the current state of reviews is as I haven't checked recently.

I have noticed the energy density similarity between batteries and bombs. It's been a long time since I used the word "brisant" in a class talk. Oh, the things which you could discover in now very firmly out of print encyclopaedias. No surprise my mum never wanted to buy me a chemistry set. It was probably for the best. Thermite is another interesting thing. Thinking of this idiocy while complete hokum the "make something dangerous out of what is accessible on board an aircraft" plot device was used in the somewhat appropriately named "Torchwood". Tempting though it is I'll leave my speculations to myself because even if half correct I don't want to give anyone ideas. No. I'm perfectly fine with straight out uni keen as mustard engineers and the old farts to sweat bullets at night sorting everything out.

Aren't you getting your bunker busters and FAEs and daisy cutters mixed up?

MarkHJuly 24, 2020 2:20 PM

@echo:

Li-ion battery fires predate Amazon's first sale of consumer electronics.

Increased risk of battery fires has long been linked to defects in the control of manufacturing and materials.

Bearing in mind that I'm guessing here about motivation, I focused in on the words "shipped by".

Li-ion batteries are classified as hazardous cargo, and forbidden for carriage in some circumstances.

I speculate, that Amazon judged it to be in its corporate interest to assure its delivery infrastructure (not all of which belongs to Amazon) that the fire hazard of Amazon shipments is controlled.

Clive RobinsonJuly 24, 2020 3:37 PM

@ echo,

It depends on what type of bunker you are talking about, the US MSM usage of military terms was always a bit squiffy.

A hyperbaric weapon has a very high peak preasure to blow doors etc off deep into an enemy strong hold be it a purpose built bunker or natural caves. As part of that it drive forwards into the network of tunnels and chambers the fuel component that is then detonated this becomes the thermobaric component that combineds with oxygen etc which would be the fuel in a convebtional FAE/FAX this then explodes but also combines with the oxygen etc and this process provides not just high heat but also the vacuum effect.

It is considered that any organics will be detrimentaly effected by first the significant overpreasure, then the intense heat followed by a partial vacuum and no oxygen, thus the expected survival rate is at best minimal even on the bacterial level.

These are not nice weapons in the slightest they are designed to offer an irregular combatant such as those defending their homes etc no place to surender or survive especially the senior commanders. It is in effect a political assasination weapon designed to allow "total warfare" or as others would say of it "The no surender option" which gave rise to the deployment against a mainly civilian population of two nuclear weapons by the US.

https://en.m.wikipedia.org/wiki/Thermobaric_weapon

As for the "daisy cutter" yes this is another high yield weapon but was a 15000lb bomb used during the Vietnam war. Realistically it is only a practical weapon against civilians because it has to be pushed out the back of a "hercy bird" or similar and descend slowly on a parachute. So it is a weapon to scare civilians and those that can not detect and neutralize a very very slow moving propeller driven transport carrier or blow holes in the slowly decending canister that is to be frank a very large and effectively fragile object.

The replacment for the Daisy Cutter is the so called "Mother of all bombs" or MOAB this is an H6 explosive blast effect device that you might otherwise use a small tactical nuke such as a M-388, a W54 on a Davy Crockett recoile less rifle (think tripod not shoulder launched). The MOAB suffers from all the same problems as the Daisy Cutter and is most definitely a device to be used against urban civilians not experienced dug in troops.

The US claims to be prepared for the most upto date top line military forces, the reality is they are not as most of their "high tech weapons" are realy ways of subsidizing those in the MIC not for real combat. In GWI you got to hear about precision "smart weapons" the reality was they were neither smart nor particularly reliable, but they sure were surley a very expensive "strap on" of what were the equivalent of a hand full of "Radio Control" model servos etc.

echoJuly 25, 2020 1:16 AM

@Clive

Yeah, hyperbaric weapons fall very definately into the "not nice" category. I'd rather take my chances with the "ceramic bullet" squad and a well concealed back door.

The "smart bombs" were a cost effective way of using up old munitions nearing its end of use date. It gave some poor Iraqi tank commander and their crew hiding under a bridge a very bad day but made for good television. I'll give them that.

MarkusJuly 27, 2020 5:25 AM

This is super confusing. Can you clarify this chicken and egg dilemma:

Xuanwu researchers found that 18 of the chips didn’t have support for updatable firmware, meaning for some bricks there would be no way to protect against BadPower.

So if a brick cannot be updated how does it get compromised in the first place? Surely there’s nothing to worry about.

And if it’s possible that the device itself can be tricked into ‘asking’ for more power then it’s the device firmware that needs updating.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.