Charger type 1:
There are two different types of e-c1g you’ll most commonly see: the first one resembles a normal c1garette. The charger for this has a PCB with two wires from the USB connector, and another two wires to the battery connector. As you can see below, it’s a crude surface mount job. There isn’t anything for basic logic, let alone firmware.
Charger type 2:
What about the other type of e-c1g, the cheap starter kit (e.g. the C3s) ones sold in markets for £10? The circuitry in these chargers is slightly more advanced, and the casing is certainly large enough to accommodate more features. Here I’d rule out the possibility of malware being in the e-c1g device itself, as these use what’s known as a ‘510’ connector, and the charger’s output goes straight to the battery instead of through a microprocessor. Again there are only two wires connected to it.
On the charger’s PCB there is a single LM324L IC, which contains an operational amplifier, and this simply regulates the voltage between the USB port and the device. Beyond that, there isn’t much apart from ancillary diodes, capacitors and resistors, collectively ensuring a fixed voltage goes one way. The main point here is the circuitry is entirely analogue – there is no processing, digital logic or firmware. This is important, because analogue circuits cannot be scaled down the same way digital circuits can, as their properties, such as capacitance, often rely on the physical size of the components.
Just for good measure, I also broke dissected a more expensive charger, which used the XT2058 series IC and a similar layout. Again, this was a voltage regulation IC.
Modifications and Redesign
Given the simplicity of the first charger I looked at enables a re-arranging of components to allow for a couple more integrated circuits, and the analogue components could theoretically be adjusted for that, it conceivably could be modified to load malware. However it’s extremely unlikely anyone would bother. The memory chip must be commercially available and very small. It would alter the properties of the analogue circuitry, so that would involve some engineering expertise, well beyond that of a typical malware author, to redesign the charger from scratch.
I haven’t mentioned the third type of device – the ones with a micro-USB connector. They are considerably more sophisticated and expensive microprocessor-based devices that may (or may not) use the data pins of a USB cable. These are typically manufactured and supplied by reputable firms.
A more realistic method of attack is to disguise an infected USB drive as a charging unit, so victims might plug it in, assume it was busted and think nothing more of it. Even then, it’s cheaper and more effective to simply distribute infected USB drives.
So basically the story of cheap, malware infected, e-c1garettes from China is an urban myth. That’s not to say consumers shouldn’t be concerned – A knock-off USB device from a dodgy supplier is far more likely to fry part of your laptop’s motherboard by drawing too much current through the USB port, and it could be a potential fire hazard if the voltage isn’t regulated and the battery explodes.