This wireless charger cyberattack could literally set your phone on fire

New research from the University of Florida and Web3 security audit company CertiK has revealed a new form of cyberattack that could set your smartphone on fire via its wireless charger.

The terrifying academic paper claims to have uncovered vulnerabilities in the way wireless chargers are manufactured, exposing them to ‘intentional electromagnetic interference’ (IEMI) from threat actors.

A set of cyberattacks, christened VoltSchemer by the authors, allows inaudible voice commands to be sent remotely to control the target device’s voice assistant, batteries to be overcharged and the device itself overheated, and even items near the wireless charger, such as USB sticks, car fobs and SSDs inside laptops, to be damaged.

VoltSchemer in simple terms

Researchers tested nine best-selling wireless chargers from brands like Anker and Philips, and found security vulnerabilities in all of them while using two test devices: Apple’s iPhone SE and Google’s Pixel 3 XL.

Essentially, these attacks are made possible by reading the input voltage of a charger and then manipulating it. The manipulation doesn’t require any hardware or software modification to the charger itself, just a purpose-built device placed on its power input, which makes VoltSchemer especially dangerous.

Some of this genuinely seems like black magic. For instance, by carefully manipulating the electromagnetic interference depth, the researchers could inject voice commands that are inaudible to human ears but understood by the smartphone’s microphone and voice assistant without interrupting power transfer from a wireless charging pad.

Scorching devices, or ‘Wireless Power Toasting’ as the researchers call it, is achieved by injecting electrical interference into the supply voltage, giving attackers control over the voltage passed between charger and smartphone.

While the latest smartphones are able to terminate the charging process and shut down apps as well as the device itself in case of overheating, researchers were able to use electrical interference to disrupt communication between the smartphones and chargers in testing.

And perhaps the most impressive attack, Foreign Object Destruction, involves tricking the wireless charger, via packet injection, into believing that it itself is a device capable of wireless charging, allowing it to transfer power, without a compatible smartphone present, to any metallic device nearby.

Researchers were able to finagle their way past various checks and balances to then adjust the power transfer rate beyond safe levels. 

It’s at this point that we get to the real science: melting expensive stuff. Per the paper, data on SSDs and USB drives, documents affixed to paper clips, and RFID-tagged passports and other NFC-enabled devices were all destroyed at temperatures up to 536F/280C, with the researchers noting that, in daily use, it’s very easy to accidentally place items like these on a charging pad.

VoltSchemer’s implications

Fascinating stuff and pretty dangerous stuff all round, then, but should we be worried? Well, that’s hard to answer with a simple ‘yes’ or ‘no’.

VoltSchemer may be multifaceted and covert, but it’s not the first set of wireless charging vulnerabilities: others have had names as grotesque as Wormheart and Parasite.

As the paper itself states, the point for concern should be that VoltSchemer is comparatively easier to set up than its predecessors: it requires neither custom charger firmware unique to the manipulation attack method nor physical modification to the charger, such as placing adversarial coils on the pad, which, beyond being cumbersome, makes an attack less stealthy.

However, the saving grace of this abomination is that it was devised by security researchers, publishing their findings for the benefit of keeping others safe. The researchers have included countermeasures, and disclosed their findings to relevant vendors. None of what they found is good, but the information should be in safe hands now.

The paper also makes clear that wired charging cables are prone to their own vulnerabilities. However, they too have to be modified, and plugging a device in physically is at least a deliberate act, so, if you’re getting paranoid, wires could be a safer bet.

Via BleepingComputer

Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.
