How a Wireless Charger Could Turn Your Phone into a Fireball

Wireless chargers are convenient and easy to use, but they may also pose a serious security risk. A new type of cyberattack, dubbed VoltSchemer, could exploit the vulnerabilities of wireless chargers to cause physical damage to your phone and other nearby objects.

What is VoltSchemer?

VoltSchemer is a set of cyberattacks that use intentional electromagnetic interference (IEMI) to manipulate the communication and power transfer between a wireless charger and a smartphone. By inserting a malicious device between the charger and the power adapter, an attacker can control the voltage and current that are delivered to the phone, and interfere with the Qi communication-based feedback control system that regulates the charging process.

The researchers who discovered VoltSchemer, from the University of Florida and CertiK, a Web3 security audit company, tested nine popular wireless chargers from brands like Anker and Phillips, and found that they were all vulnerable to these attacks. They also tested two smartphones, the iPhone SE and the Pixel 3 XL, and found that they could be affected by VoltSchemer in different ways.

What are the consequences of VoltSchemer?

VoltSchemer can have three main types of consequences: voice assistant manipulation, wireless power toasting, and foreign object destruction.

  • Voice assistant manipulation: By carefully adjusting the electromagnetic interference depth, an attacker can inject inaudible voice commands that can be picked up by the smartphone’s microphone and voice assistant, such as Siri or Google Assistant. These commands can be used to perform malicious actions, such as sending messages, making calls, opening apps, or accessing sensitive information, without the user’s knowledge or consent.
  • Wireless power toasting: By injecting electrical noise into the supply voltage, an attacker can disrupt the communication between the smartphone and the charger, and cause the phone to overcharge or overheat. This can damage the battery, the circuit board, or the screen of the phone, and in some cases, cause the phone to catch fire or explode. The researchers were able to overheat the iPhone SE to 80°C and the Pixel 3 XL to 54°C, which are above the safe operating temperatures of these devices.
  • Foreign object destruction: By tricking the wireless charger into thinking that it is charging another wireless charger, an attacker can bypass the foreign object detection mechanism that is supposed to prevent power transfer to incompatible devices. This can result in intense magnetic fields that can damage or destroy any metallic objects that are placed on or near the wireless charger, such as USB drives, car keys, passports, or laptops. The researchers were able to melt paper clips, erase data on SSDs and USB drives, and disable RFID tags on passports, at temperatures up to 280°C.

How can you protect yourself from VoltSchemer?

The researchers who discovered VoltSchemer have notified the manufacturers of the wireless chargers and smartphones that they tested, and suggested some possible countermeasures to prevent or mitigate these attacks. These include:

  • Adding hardware or software filters to reduce the impact of voltage noise on the Qi communication system.
  • Implementing more robust authentication and encryption protocols between the wireless charger and the smartphone.
  • Enhancing the foreign object detection mechanism to detect and reject abnormal power requests.
  • Educating users about the potential risks of wireless charging and the best practices to avoid them.

However, until these countermeasures are widely adopted, users should be cautious about using wireless chargers, especially in public or untrusted places. Users should also monitor their phone’s temperature and battery level while charging, and remove any unnecessary or valuable items from the vicinity of the wireless charger.

Leave a Reply

Your email address will not be published. Required fields are marked *