BadPower: an attack on fast-charging adapters that can cause a fire

Researchers from the Chinese company Tencent recently published information about a new class of attacks they call "BadPower", which targets the fast-charging protocols in various electronic devices, such as chargers for smartphones, laptops and other devices that support them.

BadPower allows an attack in which the charger is made to deliver more power than the equipment was designed to handle, which can cause malfunctions, melted components or even a fire.

About BadPower

The attack is carried out from the victim's smartphone, control of which has been taken by the attacker, for example by exploiting a vulnerability or introducing malware (the device acts as both the source and the target of the attack at the same time).

The method can be used to physically damage a device that has already been compromised and to carry out sabotage that can cause a fire. The attack applies to chargers that support firmware updates and do not verify a digital signature on the downloaded code.

Chargers that do not support flashing are not affected. The extent of the possible damage depends on the charger model, its power output and the presence of overload protection mechanisms in the devices being charged.

The USB fast-charging protocol involves negotiating the charging parameters with the device being charged. The device being charged sends the charger information about the modes it supports and the voltage it allows (for example, instead of 5 volts, it reports that it can accept 9, 12 or 20 volts). The charger can monitor the parameters during charging, change the charging rate and adjust the voltage according to temperature.

If the charger accepts deliberately inflated parameters, or its charge-control code is changed, the charger can output charging parameters that the device was not designed for.

The BadPower attack method involves corrupting the firmware, or loading modified firmware onto the charger, so that it sets the maximum voltage. Charger power is increasing rapidly; for example, Xiaomi plans to launch devices that support 100 and 125 watt fast-charging technology next month.

Of the 35 fast-charging adapters and external batteries (power banks) tested by the researchers, selected from the 234 models available on the market, the attack worked against 18 devices made by 8 manufacturers.

On 11 of the 18 vulnerable devices the attack was possible in fully automatic mode. Replacing the firmware on the other 7 devices required physical manipulation of the charger. The researchers concluded that the level of security does not depend on the fast-charging protocol used, but only on whether the firmware can be updated over USB and on the use of verification mechanisms to validate operations on the firmware.

Some chargers are updated through a standard USB port, which allows the firmware to be changed from an attacked smartphone or laptop without special equipment and without the owner of the device noticing.

According to the researchers, about 60% of the fast-charging chips offered on the market allow firmware updates through the USB port in end products.

Most of the problems behind the BadPower attack technique can be fixed at the firmware level. To block the attack, manufacturers of the affected chargers are urged to strengthen protection against unauthorized firmware modification, and manufacturers of consumer devices are urged to add further overload control mechanisms.
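A device-side overload check of the kind recommended to device makers above, as an added example that is not from the Tencent research or any vendor firmware. It uses USB Power Delivery fixed-supply capability objects as the concrete protocol (an assumption, the article names none); the 9 V rating, the 5% tolerance, the function names and the sample capabilities are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* USB PD fixed-supply PDO: bits 31..30 = 00, bits 19..10 = voltage in
 * 50 mV units, bits 9..0 = maximum current in 10 mA units. */
#define PDO_TYPE(p)  (((p) >> 30) & 0x3u)
#define PDO_MV(p)    ((((p) >> 10) & 0x3FFu) * 50u)
#define FIXED_PDO(mv, ma) ((((uint32_t)(mv) / 50u) << 10) | ((uint32_t)(ma) / 10u))

#define SINK_MAX_MV   9000u  /* assumed hardware rating of the charged device */
#define VBUS_TOL_PCT  5u     /* assumed tolerance above the contract voltage */

/* Constructed sample: capabilities a charger might advertise. */
static const uint32_t sample_caps[] = {
    FIXED_PDO(5000, 3000), FIXED_PDO(9000, 3000), FIXED_PDO(20000, 5000),
};

/* Index of the highest fixed-supply offer within the rating, or -1. */
int sink_select_pdo(const uint32_t *pdos, size_t n)
{
    int best = -1;
    uint32_t best_mv = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t mv = PDO_MV(pdos[i]);
        if (PDO_TYPE(pdos[i]) != 0u || mv > SINK_MAX_MV)
            continue;               /* not fixed supply, or above rating */
        if (mv > best_mv) { best = (int)i; best_mv = mv; }
    }
    return best;
}

/* 1 if measured VBUS is consistent with the contract; 0 means the charger is
 * delivering more than agreed and the load switch should be opened. */
int vbus_within_contract(uint32_t contract_mv, uint32_t measured_mv)
{
    if (contract_mv > SINK_MAX_MV)
        return 0;
    return measured_mv <= contract_mv + contract_mv * VBUS_TOL_PCT / 100u;
}

int main(void)
{
    int i = sink_select_pdo(sample_caps, 3);
    uint32_t mv = (i >= 0) ? PDO_MV(sample_caps[i]) : 0;
    printf("contract %u mV, 20 V on VBUS ok? %d\n",
           (unsigned)mv, vbus_within_contract(mv, 20000));
    return 0;
}
```

The check only helps if it runs independently of what the charger reports, since in the attack described here the charger's firmware is the untrusted part.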

Users are advised not to use Type-C adapters to connect fast-charging devices to smartphones that do not support this mode, since such models are less protected against possible overloads.

