Tag Archive for AAPL

Scary SS7 Flaw Strikes Banks

Scary SS7 Flaw Strikes BanksLost in last month’s hub-bub over WannaCry ransomware was the revelation that hackers had successfully exploited the SS7 “flaw” in January 2017. In May reports surfaced that hackers were able to remotely pilfer German bank accounts by taking advantage of vulnerabilities in Signaling System 7 (SS7). SS7 is a standard that defines how to public phone system talks to itself to complete a phone call.

Telephone system Signaling System 7 The high-tech heist was initially reported by the German newspaper Süddeutsche Zeitung (auf Deutsch). The attack was  a sophisticated operation that combined targeted phishing emails and SS7 exploits to bypass two-factor authentication (2FA) protection. This is the first publicly known exploit of SS7 to intercept two-factor authentication codes sent by a bank to confirm actions taken by online banking customers.

According to ars technica the attack began with traditional bank-fraud trojans. These trojans infect account holders’ computers and steal the passwords used to log in to bank accounts. From there, attackers could view account balances, but were prevented from making transfers without the one-time password the bank sent as a text message. After stealing the necessary login details via phishing emails, the perpetrators leveraged the SS7 flaw to intercept the associated mTAN (mobile transaction authentication numbers) authentication codes sent to the victims — messages notifying them of account activity — to validate the transactions and remain hidden, investigators say.

Central office equipmentGerman Telecommunications giant O2-Telefonica confirmed details of the SS7-based cyber attacks to the newspaper. Ars says, in the past, attackers have obtained mTANs by obtaining a duplicate SIM card that allows them to take control of the bank customer’s phone number. SS7-facilitated compromises, by contrast, can be done remotely on a much larger quantity of phone numbers.

O2 Telefonica confirmed to Help Net Security that the attackers were able to gain access to the network of a foreign mobile network operator in January 2017. The attackers likely purchased access to the foreign telecommunications provider – this can apparently be done for less than 1,000 euros – and have set up call and SMS forwarding.

Ford Road CO in Dearborn Mi is the Oregon officeTwo-factor authentication (2FA) is a security process in which the user provides two authentication factors to verify they are who they say they are.  2FA provides an extra layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to get users’ passwords.

News of the incident prompted widespread concern online. Security advocates railed against the popular and continuous use of text messages to authenticate account information while growing evidence suggests that SS7 is an unsafe channel to deliver such data. Security experts told ars that the same SS7-centric hacking techniques used against German banks will become increasingly prevalent in the future, forcing organizations to reconsider how they authenticate user activity.

Cris Thomas, a strategist at Tenable Network Security warns in the article:

Two-factor authenticationWhile this is not the end of 2FA, it may be the end of 2FA over SS7, which comprises a majority of 2FA systems … Vulnerabilities in SS7 and other cellular protocols aren’t new. They have been presented at security conferences for years … there are other more secure protocols available now that systems can switch to…

Cyber security researchers began issuing warning about this flaw in late 2014 about dangerous flaws in SS7. I wrote about the SS7 flaw in September of 2016  and in March 2107. Maybe this will be the wake up call for the carriers. One industry insider quipped:

This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed … The industry at large needs to go beyond simple measures such as two-factor authentication, to protect mobile users and their data, and invest in more sophisticated mobile security.

man-in-the-middle attackIn 2014 security researchers first  demonstrated that SS7 could be exploited to track and eavesdrop on cell phones. This new attack is essentially a man-in-the-middle attack on cell phone communications. It exploits the lack of authentication in the communication protocols that run on top of SS7.

Developed in 1975, today, over 800 telecommunications companies around the world, including AT&T (T) and Verizon (VZ), use SS7 make sure their networks interoperate. This technology has not kept up with modern times.  In May 2017, Wired published an article which explains some of the ways to secure SS7. Overcoming SS7 insecurity requires implementing a series of firewalls and filters that can stop the attacks. Researchers Wired spoke to suggest that adding encryption to SS7 would shield network traffic from prying eyes and bolster authentication. Both of these changes are unpopular with the carriers, because they cost money and can impact the network core, so don’t expect any network changes to address the SS7 flaw anytime soon.

Carriers should use SS7 firewall to secure the SS7 networkThe Register reports that the FCC’s Communications Security, Reliability and Interoperability Council found that the proposed replacement for SS7 on 5G networks, dubbed the Diameter protocol has security holes too.

In March 2017, Oregon Sen. Ron Wyden and California Rep. Ted Lieu sent a letter to Homeland Security’s John Kelly requesting that DHS investigate and provide information about the impact of SS7 vulnerabilities to U.S. companies and governmental agencies. Kelly has not responded to the letter, according to the Wired article.

Of course the TLA’s would never use this “flaw” in SS7 to spy on us.

The Guardian says that given that the SS7 vulnerabilities reside on systems outside of your control, there is very little you can do to protect yourself beyond not using the services.

PoliticianThey recommend for text messages, avoiding SMS and instead using encrypted messaging services such as Apple’s (AAPL) iMessage, Facebook‘s (FB) WhatsApp or the many others available will allow you to send and receive instant messages without having to go through the SMS network to protect your messages from surveillance.

For calls, the Guardian recommends using a service that carries voice over data rather than through the voice call network. This will help prevent your calls from being snooped on. Messaging services including WhatsApp permit calls. Silent Circle’s end-to-end encrypted Phone service or the open-source Signal app also allow secure voice communications.

protect yourself Your location could be being tracked at any stage when you have your mobile phone on. The only way to avoid it is to turn off your phone or turn off its connection to the mobile phone network and rely on Wi-Fi instead.

Related articles

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Whose Time Is It?

Whose Time Is It?What time is it? If you looked at the lower right corner of your Windows PC screen, you know what time it is. That is good enough for most people, but followers of the Bach Seat want to know more. How does Microsoft know that time it is? Microsoft and everybody else uses Internet Engineering Task Force (IETF) RFC 7822 standard protocol called Network Time Protocol (NTP).

Network Time ProtocolNTP is one of the oldest Internet protocols still in use. NTP was designed by UMich alum David Mills at the University of Delaware. NTP can maintain time to within tens of milliseconds over the public Internet, and better than one millisecond accuracy on a LAN. Like many other things in the network world, NTP is set up as a hierarchy. At the top of the tree are “Atomic Clocks” (Stratum 0). Corporations, governments and the military run atomic clocks.

USNO NTP Servers

Atomic clocks are high-precision timekeeping devices which use the element cesium, which has a frequency of 9,192,631,770 Hertz. That means it “oscillates” a little over nine billion times a second. Knowing the oscillation frequency and then measuring it in a device creates an incredibly accurate timekeeping mechanism. Atomic clocks generate a very accurate interrupt and timestamp on a connected Stratum 1 computer. Stratum 0 devices are also known as reference clocks.

Stratum 1 – These are computers attached to stratum 0 devices. Stratum 1 servers are also called “primary time servers”.

Stratum 2 – These are computers that synchronize over a network with stratum 1 servers. Stratum 2 computers may also peer with other stratum 2 computers to offer more stable and robust time for all devices in the peer group.

Stratum 3 computers synchronize with stratum 2 servers. They use the same rules as stratum 2, and can themselves act as servers for stratum 4 computers, and so on.

NIST's first atomic beam clockOnce synchronized, with a stratum 1, 2 or 3 server, the client updates the clock about once every 10 minutes, usually requiring only a single message exchange. The NTP process uses User Datagram Protocol port 123. The NTP timestamp message is 64-bits and consist of a 32-bit part for seconds and a 32-bit part for fractional second. 64-bits gives NTP a time scale of 232 seconds (136 years) and a theoretical resolution of 2?32 seconds (233 picoseconds). NTP uses an epoch of January 1, 1900 so the first roll over will be on February 7, 2036.

Microsoft (MSFT) has a mixed history of complying with NTP. All Microsoft Windows versions since Windows 2000 include the Windows Time service (“W32Time”) which was originally implemented to support the Kerberos version 5 authentication protocol. It required time to be within 5 minutes of the correct value to prevent replay attacks. The NTP version in Windows 2000 and XP violates several aspects of the NTP standard. Beginning with Windows Server 2003 and Vista, MSFT’s NTP which was reliable to 2 seconds. Windows Server 2016 can now support 1ms time accuracy.

Atomic clockIn 2014 a new NTP client, ntimed, was started. As of May 2017, no official release was done yet, but ntimed can synchronize clocks reliably under Debian and FreeBSD, but has not been ported to Windows or Apple (AAPL) macOS.

Accurate time across a network is important for many reasons; discrepancies of even fractions of a second can cause problems. For example:

  • Distributed procedures depend on coordinated times to make sure proper sequences are followed.
  • Authentication protocols and other security mechanisms depend on consistent timekeeping across the network.
  • File-system updates carried out by a number of computers depend on synchronized clock times.
  • Network acceleration and network management systems also rely on the accuracy of timestamps to measure performance and troubleshoot problems.
  • Each individual blockchain includes a timestamp representing the approximate time the block was created.

NTP has known vulnerabilities. The protocol can be exploited and used in distributed denial of service (DDoS) attacks for two reasons: First, it will reply to a packet with a spoofed source IP address; second, at least one of its built-in commands will send a long reply to a short request.

More vulnerabilities were recently discovered in NTP. SearchSecurity.com reports that security researcher Magnus Stubman discovered the vulnerability and, instead of going public, took the mature route and privately informed the community of his findings. Mr. Stubman wrote that the vulnerability he discovered could allow unauthenticated users to crash NTPF with a single malformed UDP packet, which will cause a null point dereference. The article explains this means that an attacker could be able to craft a special UDP packet which targets NTP, resulting in an exception bypass that can crash the process. A patch to remediate specific vulnerability — named NTP 4.2.8p9  — was released by the Network Time Foundation Project .

This is a Windows only vulnerability at this time. The author urges anyone running the NTP daemon on a Windows systems to patch it as soon as possible. This particular DoS attack against NTP could incapacitate a time-server and cause havoc in the network. The easiest fix is to apply the NTP patch the article states.

rb-
NTP is important to your network and patching and protecting it should be a priority. The threat to your environment is real. If NTP is not patched, an attacker could take advantage of the chaos created by this vulnerability to hide their tracks since timestamps on files and in logs won’t match.

Way back in the day, when I was a network administrator, I inherited a network where a directory services container was frozen. Seems that time had never been properly set up on the server holding the replica and as time passed, the server time drifted away from network time and at some point we could not make changes or force a replica update. That meant a late night call to professional services to kill the locked objects and then apply DSRepair –xkz (I think) and then re-install an R/O replica.

 

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Can Toshiba Stay in Business?

Can Toshiba Stay in Business?Updated 06-22-2017 – As predicted below, the NYT reports that the Japanese government formed a coalition including the US venture capital firm Bain Capital to buy Toshiba’s microchip division. Estimates are the deal is worth approx. $20 Billion.

Toshiba is being driven to sell off its crown jewel, its microchip business, to stabilize the international giant. The New York Times reports that the stalwart of Japan’s postwar rise as a global industrial giant warned that its has doubts over whether it could stay in business. In a filing in Japan, Toshiba said it wrote off more than $6 billion connected to Westinghouse Electric’s troubled nuclear reactor projects in the United States, had created “substantial uncertainty” over its ability to continue as a going concern.

ToshibaThe Toshiba microchip division is the number two global provider of NAND flash memory. NAND flash memory is a type of non-volatile storage technology that does not need power to retain data. Flash memory is electronic (solid-state) non-volatile computer storage medium that can be electrically erased and reprogrammed.

Toshiba originally invented flash memory in the early 1980s from EEPROM (electrically erasable programmable read-only memory). They introduced it to the market in 1984. Called flash memory, after the flash on a camera, the chips have become an essential building blocks of the modern electronics industry.

WestinghouseThe two main types of flash memory are named after the NAND and NOR logic gates. The individual flash memory cells have internal characteristics similar to those of the corresponding gates.

Where EPROMs had to be completely erased before being rewritten, NAND-type flash memory may be written and read in blocks (or pages) which are generally smaller than the entire device. NOR-type flash allows a single machine word (byte) to be written—an erased location—read independently.

NAND flash memoryThe NAND type operates primarily in memory cards, USB flash drives, some solid-state drives, and similar products for general storage and transfer of data. NAND or NOR flash memory is also often used to store configuration data in many digital products, a task previously made possible by EEPROM or battery-powered static RAM. One key disadvantage of flash memory is that it can only endure a relatively small number of write cycles in a specific block.

Toshiba manufactures its NAND Flash Memories at its Yokkaichi Operations to maintain quality.

Samsung Electronics Co. (005930) is the biggest maker of flash memory chips, followed by Toshiba, SK Hynix and U.S.-based Micron Technology (MU).

many as 12 companies have approached Toshiba with proposalsA sale of Toshiba’s chip business, while offering the business a lifeline, would take away its most successful business — and, more broadly, would represent a shift of a major technology away from Japan, depending on the buyer. The Toshiba sale is still in its early stages, and the NYT say as many as 12 companies have approached Toshiba with proposals. Reports are that Toshiba is asking bidders to value its operations at about $17.6 billion (2 trillion yen), and make at least a 50 percent investment.

One of the better-known suitors is Hon Hai Precision Industry, also known as Foxconn. Foxconn is the assembler of Apple (AAPL) iPhones and is world’s largest contract electronics maker. Foxconn is based in Taiwan but performs most of its manufacturing in mainland China. According to the article Foxconn could pay billions to buy the business.

offered $27 billionSources told Japanese public broadcaster NHK the first round of the Toshiba auction drew 10 offers. Toshiba has narrowed the field of bidders for its chip unit to four: U.S. chipmaker Broadcom (AVGO), a private equity firm Silver Lake Partners which reportedly offered $18 billion; SK Hynix; Western Digital (WDC); and Foxconn (2354), reports say Foxconn offered $27 billion.

Apple is considering teaming up with its supplier Foxconn to bid for Toshiba semiconductor business, Japan’s NHK reported. Apple is considering investing at least several billion dollars to take a stake of more than 20 percent as part of a plan that would have Toshiba keep a partial holding so the business remains under U.S. and Japanese control, NHK reported.

The authors point out Toshiba’s situation is a remarkable turnabout for Japan, a country that once controlled the majority of microchip markets. In the past Japanese companies have banded together to rescue flailing domestic rivals and not let them fold or be acquired by foreigners.

BankersThe article speculates that the Japanese government may cobble together a “team Japan” offer, but the response from potential participants — who would have to explain the spending to shareholders — has been tepid. “It is fundamentally unthinkable that the Industry Ministry would intervene and take some kind of action,” Hiroshige Seko, the industry minister, said at a news conference, further dampening expectations.

Mark Newman, an analyst at Sanford C. Bernstein, argued in a report that Toshiba’s memory business remained valuable enough that selling it amounted to “selling the crown jewels to pay next month’s rent.”

Apple teaming up with its supplier Foxconn to bid for ToshibaJapanese politicians and industry leaders have voiced concerns over Chinese investors’ buying advanced chip production technology; semiconductors and memory are a major priority of China’s industrial policy. That could hinder any deal with Foxconn, said Mr. Newman, of Sanford C. Bernstein.

The worry is that Foxconn “would build huge fabs in China,” Mr. Bernstein said, referring to semiconductor fabrication plants. “The jobs would move to China from Japan, and furthermore China would go after market share at the expense of crushing industry economics, so the U.S., Taiwan, Korea, Japan all get hurt substantially by this arrangement.” Foxconn has been successful in attracting subsidies from the Chinese government to build large-scale production facilities in China.

The article speculates that Foxconn could take the Toshiba technology and manufacture it more cheaply in China. Such a move could drive down pricing for memory, a boon for Apple and low-cost Chinese smartphone makers. But it would also propel China forward in its long push to become internationally competitive in semiconductors. Mr. Newman has warned that competition in NAND chips could heat up next year, creating the possibility of oversupply and putting more pressure on Toshiba’s ability to put in effect next-generation technologies.

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

How Much Code Does It Take?

How Much Code Does It Take?David McCandless from Information is Beautiful tries to answer the question how many millions of lines of code does it take to? For reference, the Visual Capitalist calculates that a million lines of code (MLOC), if printed, would be about 18,000 pages of text. That’s 14x the length of Leo Tolstoy’s War and Peace. The total lines of code to run systems varies widely as Mr. McCandless shows in the infographic.

  • pages of textIt took less than a million lines of code to run the NASA Space Shuttle.
    • It takes less than 5 million lines of code to run the Mars Rover Curiosity.
    • The latest version of the Firefox web browser includes just under 10 million lines of code.
    General Motors’ (GM) Chevy Volt requires just over 10 million lines of code.
    Microsoft (MSFT) Office 2008 for the Apple (AAPL) Mac consists of over 35 million lines of code
    • And it took 50 million lines of code to bring us Microsoft Vista.
    • Finally, all Google (GOOG) services combine for a whopping 2 billion lines – that means it would take 36 million pages to “print out” all of the code behind all Google services. That would be a stack of paper 2.2 miles high!
Courtesy of: Visual Capitalist

 

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Is Your Battery Healthy?

Is Your Battery Healthy?Lithium ion batteries have been in the news lately for causing fires and explosions. Explosions have happened with e-cigarettes, hover boards and the Samsung Galaxy Note 7, which was banned from all flights by the FAA due to its explosion risk. Despite the risks they power most of today’s most popular gadgets.

Exploding Lithium ion batteriesFred Langa at Windows Secrets Newsletter posted an article on how to get the most out of the lithium-ion (Li-ion) batteries. Li-ion batteries need very different care and feeding than the nickel-cadmium (Ni-Cd) and nickel-metal-hydride (Ni-MH) batteries used in earlier devices. Proper care of a Li-ion battery can result in as much as 15 times longer service life than with an improperly cared-for battery.

The article does not cover ways to get more run time between recharges; those techniques are already well-known. Most portable devices offer ample manual and automatic power-saving modes and methods such as adjusting screen brightness, slowing CPU speed, and reducing the number of apps running.

Automatic power-saving modesRather, the article focused on ways to extend the battery’s overall service life. Follow these five important tips, and you’ll help make sure that your Li-ion batteries will deliver long, full, safe service lives in your new portable devices.

Tip 1: Keep your lithium batteries cool – Heat is the number-one enemy of Li-ion batteries. Heat issues can be caused by usage factors such as the speed and duration of battery charging and discharging. The physical environment also matters. Simply leaving your Li-ion-powered device in the sun or in an enclosed car, even if the device isn’t being used, can significantly reduce the battery’s ability to take and hold a charge according to the article.

High temperatures can reduce your Li-ion-powered device can significantly reduce the battery's ability to hold a chargeLi-ion batteries perform best at about normal room temperature (68F/20C). If the device warms to 86F/30C, its ability to hold a charge drops by about 20%. Mr. Langa says if the battery is used at 113F/45C — a temperature easily reached by devices that are working hard or that are in the sun, battery capacity can be reduced by 50%.

So if your device or battery becomes noticeably warm while you’re using it, the article recommends moving to a cooler place. If that’s not possible, try reducing the amount of power the device is using by turning off unneeded apps, reducing screen brightness, or activating the device’s power-saving mode.

Of course, you can turn the device fully off until its temperature returns to normal. For fastest cooling, remove the battery, if possible Windows Secrets recommends. The battery and the device will cool off faster if they’re physically separated according to the article.

Consumer-grade Li-ion batteries are useless at temperatures below freezingLow temperatures aren’t as much of a worry. Low temps usually won’t cause any long-term damage, although a cold battery won’t produce as much power as it otherwise would . The power drop becomes very noticeable at temperatures lower than about 40F/4C. Most consumer-grade Li-ion batteries are essentially useless at temperatures below freezing.

If your Li-ion powered device becomes excessively chilled for any reason, don’t try to use it. The article says leave it powered off and move it to a warm place until the device is at normal temperature. Once the battery warms to a normal temperature, so will its electrical performance.

Unplug the charger to save the batteryTip 2: Unplug the charger to save the battery – Overcharging, leaving a battery connected to a too-high voltage source for too long, can reduce a Li-ion battery’s ability to hold a charge, shorten its life, or kill it outright according to the author. Most consumer-grade Li-ion batteries are designed to work at around 3.6 volts per cell but will accept a temporary overvoltage of around 4.2 volts while charging. Mr. Langa  warns that if a charger outputs the higher voltage for too long, internal battery damage can occur.

In severe cases, Windows Secrets warns that overcharging can lead to what battery engineers delicately refer to as “catastrophic failure.” Even in moderate instances, the excess heat produced by overcharging will negatively affect battery life, as you saw in Tip #1.

High-quality chargers can work in concert with circuitry inside well-designed Li-ion-powered devices and their batteries, reducing the danger of overcharging by properly tapering off the charging current. The article says the simplest, can’t fail method is not to leave your Li-ion devices connected to any charger longer than needed.

These properties are quite different from those of older Ni-Cd and Ni-MH battery technologies, which did best when left on their chargers for as long as possible. That’s because those older battery types have a high rate of self-discharge; that is, they start losing a significant amount of stored energy the moment you take them off the charger, even if the device they power is turned off.
In fact, a Ni-Cd battery can self-discharge at a rate of 10% in the first 24 hours. The self-discharge curve flattens after that, but a Ni-Cd battery will still lose an additional 10–20% charge per month.Ni-MH batteries are even worse. Their self-discharge rate is about 30% higher than that of Ni-Cd.

But Li-ion batteries have a very low rate of self-discharge. A healthy, full, lithium battery will self-discharge at about only 5% in the first 24 hours off the charger — with only 2% or so per month after that.

It’s simply not necessary to leave a Li-ion device on the charger until the last possible moment. For best results and the longest battery life, unplug the charger when it or the lithium-powered device shows a full charge.

It’s also not necessary to give new Li-ion devices an extended charge before first use. (Ni-Cd or Ni-MH devices used to come with warnings to do an initial charge of anywhere from 8 to 24 hours.) Li-ion batteries are fully ready for use when the charger or the device reads 100% charge. No extended charging is needed.

Tip 3: Don’t deep-discharge your battery – Not all discharge cycles exact the same toll on a battery. Long and heavy usage generates more heat, putting more stress on the battery; smaller, more frequent discharges extend the overall life of lithium batteries.

Don't deep-discharge your batteryYou might think that a higher number of small discharge/recharge cycles would eat into the battery’s overall lifespan. That was true with older technologies, the author says it’s not the case with Li-ion. Battery specs can be confusing because most manufacturers count a full Li-ion charge cycle as whatever it takes to add up to a 100% charge. For example, three 33% discharge/recharge cycles equal one full-charge cycle, five 20% cycles equal a full charge, and so on.

In short, a higher number of small discharge/recharge cycles doesn’t reduce a lithium battery’s total available full-charge cycles.

Again, heat and stress from heavy discharges cut battery life. So try to keep your deep-discharge events to a minimum. Mr. Langa recommends that you don’t let your device routinely run down to zero charge (where the device turns itself off). Instead, think of the bottom 15–20% of battery capacity as a reserve — for emergency use only. Get into the habit of swapping in a fresh battery (if possible) or plugging the device into external power well before the battery is empty.

Slow and steady charge is best Tip 4: Slow and steady charge/discharge is best – As you now know, both fast discharging and fast recharging generate excess heat and exact a toll on battery life. Windows Secrets says if you’ve run a device long and hard, let the battery cool to room temperature before recharging it. Batteries won’t accept a full charge when hot. And when recharging, make sure your charger doesn’t make the battery become hot to the touch, a hot battery is a sign the charger is pumping too much current, too fast, through the battery.

Overcharging is more likely with chargers that are cheap, off-brand models; that use fast-charge circuitry; or that are wireless (inductive). These “dumb” chargers simply pump out current, accepting little or no feedback from the device being charged. Overheating and overvoltages can easily occur, damaging or even destroying the battery.

Fast chargers provide a useful charge to a drained battery in minutes and not hours. The author explains there are various approaches to fast-charging technology, and not all of them are compatible with all lithium batteries. Unless the charger and the lithium battery are specifically designed to work together, fast charging could cause overheating and overvoltages. Generally, it’s best not to use one brand of fast charger on a different brand’s device.

Wireless (inductive) chargers use a special charging mat or surface to restore a battery’s power. It sounds wonderfully convenient, but inductive charging always generates excess heat, even when it’s working normally.

Not only is the excessive heat produced by a wireless charger not good for lithium batteries, it also wastes energy. By its nature, inductive charging’s efficiency is always going to be lower than a standard charger’s. Mr. Lunga says that higher heat and less efficiency easily outweigh convenience.

In any case, the safest approach is to use only chargers sold by the OEM of your lithium-powered device. It’s the only way to be sure that the charger will keep temperatures and voltages within specs. The article recommends that if a OEM charger isn’t available, use a low-output charger that’s unlikely to pump damaging amounts of power into the device you’re charging.

One source of low-output, non-OEM charging that’s often available is the USB port on a standard PC. A typical USB 2.0 port provides 500mA (.5 amps) per port; USB 3.0 provides up to 900mA (.9 amps) per port. In contrast, some dedicated chargers will output 3,000-4,000mA (3-4 amps). The low amperages offered by USB ports will usually provide cool, safe charging of almost any Li-ion device.

Carry a spare batteryTip 5: Whenever possible, carry a spare battery – If your device allows for easy battery replacement, carrying a spare battery is cheap insurance. It will give you twice the run time. When the in-use battery approaches 15–20% charge, simply swap out the drained battery for a fresh, cool one — you get instant full power, with no heat worries.

A spare battery also allows for other benefits. For example, if you find yourself in a situation where the installed battery is running hot, you can swap out the hot battery to let it cool. Having two batteries should also eliminate any need to use fast chargers — you can charge the spare at a safe, slow rate while the other is in use.

rb-

For more tips on how to keep your Apple iPhone battery in tip-top shape, check out this post from 2014.

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.