A group of cybersecurity experts from the University of Florida, in collaboration with security audit firm CertiK, has unveiled a concerning discovery: cyberattacks that exploit flaws in wireless charging could cause smartphones to catch fire. The comprehensive details of their research and findings are documented in a paper available on the arXiv preprint server.
You’re probably familiar with wireless charging. Facilitated by inductive chargers, it eliminates the need for physical cable connections when topping up smartphones or other devices. This process relies on electromagnetic fields for energy transfer through induction. To ensure proper charging, a smartphone must communicate with the charger using a Qi communication-based feedback control system. The wireless charger connects to an AC outlet indirectly, through an adapter or “brick”. It is within this adapter connection that the researchers identified vulnerabilities in the system.
Their tests revealed that attaching an intermediary device to the adapter could disrupt the Qi communication-based feedback control system. This disruption generates signals capable of overriding controls designed to prevent overcharging, subsequently leading to overheating and, in extreme cases, causing a fire. The researchers have named this kind of attack "VoltSchemer."
The research team delineated three potential attack scenarios associated with a VoltSchemer. These include manipulating a charger to control voice assistants through inaudible voice commands, damaging devices through overcharging or overheating, and bypassing the foreign-object-detection mechanisms specified by the Qi standard to harm valuable items exposed to intense magnetic fields.
Their experimentation involved various wireless chargers and phones, all of which demonstrated vulnerabilities. The researchers have taken proactive steps by notifying manufacturers, anticipating that necessary modifications will be implemented to address these vulnerabilities and safeguard consumers from potential VoltSchemer attacks.