BadPower is a security flaw that can literally burn a smartphone: it basically involves altering the firmware of the fast chargers and causing them to send more energy than the device to be charged can manage. Just wait for the right amount of time for the battery to overheat beyond the point of no return and catch fire, not only irreversibly damaging the device but creating a dangerous situation for the entire home – and the people who live there, of course.
Without the firmware negotiating charging speeds dynamically based on the device's battery endurance capabilities, fast charging might not exist. Normal chargers send a maximum of 5 V, fast chargers can also quadruple, or even more, this value. Unfortunately, you know: every firmware can be hacked, and that of fast chargers is no exception. The most serious aspect is that BadPower does not require any user interaction: the hacker just connects to an infected device and everything happens automatically. It only takes a few seconds for the malware to be transmitted to the loader.
The researchers tested 35 rapid charger models, 18 of which were found vulnerable to BadPower. It is important to note that if you connect to an infected charger, your device will explode: much depends on the electrical capacities of its components, and the overload protections provided by the manufacturer. A firmware update would suffice to close the vulnerability that allows researchers to inject BadPower into the firmware of the loaders; but some of the chips used by the manufacturers (18 of 34) do not foresee this possibility. Ideally, the battery invented by Stanford would go into production, but unfortunately it seems a rather remote possibility.
TenCent researchers have warned the producers.