Security experts at the University of Florida, in collaboration with CertiK, a security audit company, have uncovered a potential cybersecurity threat that could result in smartphones catching fire when placed on wireless chargers.
According to TechXplore, this discovery highlights vulnerabilities in the Qi communication-based feedback control system used in inductive chargers, which wirelessly transfer energy to devices through electromagnetic fields.
VoltSchemer Attacks
Inductive chargers eliminate the need for cables by utilizing electromagnetic fields to transmit energy from the charger to the smartphone. However, the researchers identified a loophole in the system's design, specifically in the adapter that connects the wireless charger to an AC outlet.
By introducing an intermediary device into the adapter, known as a "VoltSchemer," attackers can disrupt the Qi communication-based feedback control system, overriding safety mechanisms that prevent overcharging and overheating.
The research team identified three types of attacks that can be carried out using a VoltSchemer. First, attackers can manipulate the charger to control smartphone voice assistants using inaudible voice commands.
Second, they can cause damage to devices by inducing overcharging or overheating. Finally, attackers can bypass the foreign-object-detection mechanism specified in the Qi standard, potentially damaging valuable items exposed to intense magnetic fields.
The vulnerability affects a wide range of wireless chargers and smartphones, prompting the research team to notify manufacturers to address these security flaws. They anticipate that manufacturers will implement changes to safeguard consumers against VoltSchemer attacks.
Read Also: MGM Resorts Cyberattack: State and Federal Regulators Launch Probe $100 Million Data Breach
Vulnerabilities in Wireless Charging
The research team highlighted the growing popularity of wireless charging as a convenient and safer alternative to traditional wired charging methods. However, they underscored the need to address the newfound vulnerabilities in wireless charging systems to prevent exploitation by malicious actors.
The researchers introduced VoltSchemer as a novel set of attacks that exploit voltage fluctuations from the power supply to manipulate wireless chargers without requiring modifications to chargers.
They demonstrated the feasibility of these attacks by successfully targeting nine top-selling commercial-off-the-shelf (COTS) wireless chargers. Furthermore, the team emphasized the significance of their findings and recommended countermeasures to mitigate potential threats posed by VoltSchemer attacks.
Their research sheds light on the security implications of wireless charging systems and underscores the importance of proactive measures to enhance cybersecurity in emerging technologies.
"The significant threats imposed by VoltSchemer are substantiated by three practical attacks, where a charger can be manipulated to: control voice assistants via inaudible voice commands, damage devices being charged through overcharging or overheating, and bypass Qi-standard specified foreign-object-detection mechanism to damage valuable items exposed to intense magnetic fields," the research team wrote.
"We demonstrate the effectiveness and practicality of the VoltSchemer attacks with successful attacks on 9 top-selling COTS wireless chargers. Furthermore, we discuss the security implications of our findings and suggest possible countermeasures to mitigate potential threats," they added.
The paper, titled "VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger," was published in arXiv.
Related Article: UnitedHealth Subsidiary Suffers Security Breach, Announces Network Outage for at Least 24 Hours
