Stories about phone fires are nothing new: Samsung famously had a problem with its Galaxy Note 7 phones being prone to fire.

Several years after Samsung fixed the problems causing the spate of exploding phones, the USA’s airline safety agency won’t let you take one on board a plane and have signs at the airport telling you as much.

RELATED: Twitter locks down all verified accounts

RELATED: Hackers demanding $1m from beer giant

Stories also occasionally emerge where people have been horrifically injured or even killed as a result of an exploding phone.

But those fires primarily stem from design and productions errors or incorrect use.

The vulnerability discovered by researchers at Xuanwu Lab, run by Chinese tech giant Tencent’s security division, is far more concerning, because the nature of the hack allows for it to be more targeted and deliberate.

The vulnerability has been dubbed “BadPower”.

“Using BadPower, an attacker can invade a charger and other devices that support fast charging technology, so that the invaded device outputs an excessively high voltage when it is externally powered, resulting in the breakdown and burning of components of the powered device, and may even further damage the received power,” a translated statement from the lab said.

The researchers also warned “the physical environment where the device is located poses a safety hazard”.

Advances in technology over recent years have drastically increased the amount of power USB ports and cords could deliver.

This is great in the sense that you can charge your phone and other devices quicker, but it’s also the reason your humble charger can now be hacked.

Fast charging works because your phone talks to the charger through the cable to control the charging process.

It can tell the charger things like how much power to deliver at what time.

This has other applications as well, such as adaptive charging that can use machine learning to figure out your usual routine so if you plug in your phone as you go to bed it can quickly charge your phone to the desired amount, then finish charging just before you usually wake up.

This, we’re told, is good for the battery.

This communication to determine charging power and rates means the phone and charger can also send data to one another.

Fast chargers will have a little chip in them to facilitate this communication of data and to handle power output, but according to the Xuanwu Lab team, the manufacturers aren’t doing enough, if anything, to stop the chip from being hijacked.

“They have not performed effective security verification on the reading and writing behaviour, or there is a problem in the verification process, or there are certain memory corruption problems in the implementation of the fast charge protocol,” the Xuanwu researchers said. “Attackers can use these problems to rewrite the firmware of the fast charging device to control the power supply behaviour.”

This means that a phone that can only handle five volts of power can be tricked into telling the charger to send 20 volts instead, overloading the phone.

There are also two points of entry for potential hackers.

A special device could be disguised like a mobile phone and plugged into a fast charging port to send faulty firmware to trick the charger on future phones.

But even more concerning, a malicious program accidentally sent to or downloaded on your phone, tablet or laptop could then take over your charger the next time you plug in.

There’s also no way to tell whether the power brick has been hacked just by looking at it.

The researchers warn that, while data privacy and loss are the main concerns for most security issues, the BadPower hack “can destroy the physical world through digital space”.

They also warned the hack has a high “sphere of influence” because fast charging products aren’t just highly sought after, they’re also pretty cheap.

The researchers tested 35 different fast charging devices and found vulnerabilities in 18 of them, across eight brands.

“Since we cannot test all products in the entire market, we also call on more manufacturers on the ecological chain to pay attention to this issue,” the team said.

The hack was first discovered in March but wasn’t publicly disclosed until recently.

The standard practice for security researchers is to inform affected manufacturers and developers so they can try and fix the problem first and avoid being inundated with attacks when the flaws are reported publicly.