Muva nje imininingwane ikhishiwe eyethulwe ngabaphenyi de Ukuphepha kwenkampani yaseChina Tencent ngaphezu kweyodwa isigaba esisha sokuhlaselwa abakubize nge- "BadPower" nokuthi yini kuhlose ukuhlasela umthetho olandelwayo wokushaja okusheshayo kumadivayisi e-elekthronikhi ahlukene, njengamashaja ama-smartphones, ama-laptops phakathi kwamanye ayixhasayo.
I-BadPower ivumela ukuhlaselwa lapho umlayishi abangela khona zedivayisi qala ukudluliswa kwamandla ngokweqile ukuthi okokusebenza akuklanyelwe ukuphatha, okungadala ukungasebenzi kahle, ncibilikisa izingxenye noma nomlilo.
Mayelana neBadPower
Lokhu kuhlaselwa kwenziwa nge-smartphone yesisulu, ukulawula kukabani ithathwa ngumhlaselie, ngokwesibonelo, ngokusebenzisa ubungozi noma ukwethula i-malware (idivayisi isebenza ngasikhathi sinye njengomthombo nento ehlaselwayo).
Le ndlela ingasetshenziselwa ukulimaza idivayisi ngokomzimba sesivele sengozini futhi senza ukucekelwa phansi okungadala umlilo. Ukuhlasela isebenza kumashaja asekela izibuyekezo ze-firmware futhi abasebenzisi ukuqinisekiswa kwesiginesha yedijithali yekhodi elandiwe.
Amashaja angakusekeli ukukhanya ayengekho ngaphansi kokuhlaselwa. Izinga lokulimala okungenzeka lincike kumodeli yeshaja, ukukhishwa kwamandla, kanye nokutholakala kwezindlela zokuvikela ukulayishwa okuthe xaxa kumadivayisi akhokhisiwe.
Iphrothokholi eshaja ngokushesha nge-USB kusho ukuba khona kwenqubo yokuxhumana kwamapharamitha wokushaja ngedivayisi ekhokhisiwe. Idivayisi evuselelekayo idlulisa imininingwane ngamamodi asekelwayo kushaja kanye ne-voltage evunyelwe (ngokwesibonelo, esikhundleni sama-volts ama-5, kubikwa ukuthi kungenzeka ukwamukela ama-volts ayi-9, 12 noma ama-20). Ishaja ingaqapha imingcele ngesikhathi sokushaja, shintsha isivinini sokushaja futhi ulungise i-voltage ngokuya ngezinga lokushisa.
Uma ishaja ibona ngamabomu imingcele enehaba noma iguqula ikhodi yokulawula imali, beseIshaja ingakhipha amapharamitha wokushaja okungakhelwanga kuwo idivayisi.
Indlela yokuhlasela ye-BadPower kuhilela ukonakalisa i-firmware noma ukulayisha i-firmware eguquliwe kushaja ebeka amandla amakhulu kakhulu. Amandla wamashaja akhula ngokushesha futhi, ngokwesibonelo, uXiaomi uhlela ukwethula amadivayisi asekela i-100 ne-125 watt ubuchwepheshe bokushaja ngokushesha ngenyanga ezayo.
Kuma-adaptha angama-35 ukushaja okusheshayo namabhethri angaphandle (i-Power Bank) ihlolwe ngabaphenyi, kukhethwe kumamodeli we-234 atholakalayo emakethe, ukuhlaselwa kusetshenziswe kumadivayisi we-18 yenziwe abakhiqizi abayi-8.
Ukuhlaselwa Izinkinga eziyishumi nanye kwezingu-11 zenzeka ngemodi ezenzakalelayo ngokuphelele. Ukufaka esikhundleni se-firmware kumadivayisi we-7, ukukhohlisa ngokomzimba kwe-Loader kwakudingeka. Abaphenyi baphetha ngokuthi izinga lokuphepha alincikile kwinqubo yokushaja esheshayo esetshenzisiwe, kepha lihlobene kuphela nokwenzeka kokubuyekeza i-firmware nge-USB nokusebenzisa izindlela ze-cryptographic ukuqinisekisa ukusebenza ne-firmware.
Ukuvuselelwa kwamanye amashaja kwenziwa ngembobo ejwayelekile ye-USB futhi ikuvumela ukuthi ushintshe i-firmware ye-smartphone noma i-laptop ehlaselwe ngaphandle kokusebenzisa okokusebenza okukhethekile futhi kufihliwe kumnikazi wedivayisi.
Ngokusho kwabaphenyi, cishe ama-chip angama-60% anikezwa emakethe ukushaja ngokushesha chip vumela ukuhlela izibuyekezo ze-firmware ngetheku le-USB kwimikhiqizo yokugcina.
Izinkinga eziningi ezihambisana nobuchwepheshe bokuhlasela I-BadPower ingalungiswa ezingeni le-firmware. Ukuvimba lokhu kuhlasela, abakhiqizi bamashaja anenkinga bakhuthazwa ukuthi baqinise ukuvikelwa ekuguqulweni okungagunyaziwe kwe-firmware, futhi abakhiqizi bamadivayisi wabathengi bakhuthazwa ukuthi bangeze izindlela ezengeziwe zokulawula ukulayishwa ngokweqile.
Abasebenzisi abanconyelwe ukusebenzisa ama-adaptha wohlobo C ukuxhuma amadivayisi ukushaja ngokushesha kuma-smartphones angasekeli le modi njenge lezi zinhlobo zivikeleke kancane ngokumelene nokugcwala ngokweqile okungenzeka.