Like many, I keep a wireless charger next to my bed to charge my phone overnight. Also like many, I am consistently amazed by the fact that wonderful, device-charging electricity can safely pass between the bottom plate, through my phone case and into the device itself in a safe and efficient manner. Well, mostly safe.
A team of researchers (it’s always a team of researchers, isn’t it) have managed to develop a new set of attacks that can manipulate a wireless charger to fry your precious mobile device to death, or even start heating up objects nearby to massive temperatures. Bully.
The set of attacks have been given the ironically cool moniker “VoltSchemer”, and the methodology used is both highly innovative and slightly terrifying (via Bleeping Computer). Essentially, a wireless charger uses electromagnetic fields to transfer energy from a coil in the charging station to a corresponding coil in your device by the process of electromagnetic induction.
By manipulating the voltage with a noise signal through the use of an attached interposing device, the researchers discovered that they could interfere with the communication between the charger and the device being charged, and even with the safety systems built into the charger itself. This allowed our mischief-making research team to develop three forms of potential attack.
The first leverages this interference technique to prevent the wireless charger from being unable to tell that a device was overcharging, thereby causing it to continue to pump power into the device at the maximum rate. This caused a Samsung S8 during testing to reach a stable temperature of a too-hot-to-handle 170°C.
However, this would just be the beginning of the potential damage caused. A second type of VoltSchemer attack bypasses Qi-charging safety standards to allow large amounts of energy to transfer to objects around the charger. This can include USB sticks, SSD drives, car key fobs and NFC chips used in payment cards. Even paper clips holding documents were found to be affected, reaching an astonishing 280°C and scorching the paper to which they were attached.
Aside from the dangers of burning paper via an electronic attack, perhaps the most impressive result was the car key fob tested, as it managed to get so hot that it exploded its own battery. Should such an attack be carried out in a home setting, it’s easy to see how it could lead to catastrophic damage, and potentially even the loss of life.
The final method relies on voice assistants like Apple’s Siri or Google Assistant. The researchers were able to inject voice commands into a device through the use of a transmitted noise signal emitted over a charging station’s range.
While they were able to perform tasks like initiating a phone call or launching apps on the targeted device, the use of this attack is limited, as a potential attacker would need to record activation commands and then modify the power adapters output signals which the team admits is no easy task. Still, as a proof of concept? Concern.
That being said, the purpose of this testing is not to enable would-be-attackers to think of new ways to manipulate these devices, but to encourage manufacturers to think more deeply about potential misuse. The researchers showed their findings to the manufacturers of the charging stations used, so we can only hope that they take their findings seriously, and will take steps to mitigate the possibility of this sort of attack in future designs.
For now, I’ll still trust my bedside table charger. But I’m watching you closely, my little friend. One false move, and it’s back to cables for me.