1

I'd like to know if it is possible to figure out if the USB charger of my smartphone (more info below) contains any operating system or firmware which could be infected by malware.

Let's assume I charge my smartphone with my USB charger:

  • How can I figure out if there is any firmware inside of that charger which might be infected by malware?
  • Could the charge be infected if I use it to charge a malicious device (e.g. an infected smartphone)?
  • Could the infection spread subsequently by charging other devices?

I use the following charger:

https://www.amazon.de/SAMSUNG-EP-TA50EWE-CHARGER-MICRO-CABLE-wei%C3%9F/dp/B01CVPV7AS/ref=sr_1_1?keywords=Samsung+EP-TA50EWE

A similar model is this one:

https://www.samsung.com/de/mobile-accessories/travel-adapter-micro-usb-ta20-ep-ta20eweugww/

  • Your [other question](https://security.stackexchange.com/questions/263774/can-a-usb-charger-contain-malware) about the same topic has been closed and included a link to [another question with answers](https://security.stackexchange.com/questions/106072/can-malware-be-transmitted-via-a-usb-charger-plugged-into-a-wall-socket). Did you read those? – PasWei Jul 31 '22 at 20:52
  • 1
    I don't think that link directly addresses this question. The real questions here are "Do USB chargers have firmware?" (sometimes?) and "Is there a data link in a (legitimate) charger that can convey malware?" (probably not) – user10489 Aug 01 '22 at 11:20

2 Answers2

5

Many USB chargers are completely passive and are only a power supply with no cpu in them. These have no firmware in them and it would not be possible to infect them with malware. These are all 5v and detect resistors on the data lines to determine what maximum current to supply.

Advanced chargers may actively negotiate a higher voltage and current with the device, so the data lines are actually used. However (presuming a legitimate charger), it is unlikely that the data lines are used in a way that would allow transmitting malware to the charger, and even more unlikely the charger contains anything writable that could store malware.

Having said that, it would be possible to construct a "charger" that intentionally tried to manipulate the device it is charging. Answers linked in the comments address this possibility.

user10489
  • 1,217
  • 1
  • 3
  • 13
1

You need to tear it down or find something related for your charger online. Then you need to identify parts in the charger. Some manufacturers provide firmware updates. Some contain small ARM processors including ROM. There is a specification for USB power delivery firmware updates. If it can be updated then you can potentially flash malicious firmware though those are more likely targeted attacks.

secfren
  • 11
  • 1
  • 2
  • While this does contradict the other answer, it is true that in some new chargers like the Pixel Charger there is something like an CPU in those "programmable" chargers, but I think they're still rather very primitive and do not have the capabilities to do that kind of damage I think? What you could do is add condensators or similar electronic components, which in end could be combined (I'm not that good with electronics) to cause a shock to the USB device. I heard there are protections in newer devices though – Sir Muffington Aug 01 '22 at 19:32
  • It doesn't really contradict. I said "unlikely" not "impossible". The new USB standards are getting more and more complex. If a charger takes a firmware upgrade, then there could be an issue there. I'd hope the manufacturer only allows signed firmware to be loaded but who knows... – user10489 Aug 02 '22 at 04:50