A team of cybersecurity experts from the University of Florida, collaborating with CertiK, a security audit company, has unearthed a concerning vulnerability in wireless charging technology that could potentially ignite smartphones. Their findings, detailed in a paper published on the arXiv preprint server, shed light on a class of cyberattacks capable of exploiting flaws in the Qi communication-based feedback control system utilized by inductive chargers.
Inductive chargers, which eliminate the need for cable connections by transferring energy through electromagnetic fields, rely on seamless communication between the charger and the smartphone. However, the researchers identified a critical vulnerability stemming from the adapter used to connect the wireless charger to an AC outlet. By introducing an intermediary device to the adapter, dubbed a “VoltSchemer,” attackers can manipulate the Qi communication system, overriding controls designed to prevent overcharging and overheating.
The team’s research delineates three potential attack scenarios facilitated by the VoltSchemer. These include the ability to manipulate voice assistants via inaudible commands, inflict damage on devices by inducing overcharging or overheating, and circumvent foreign-object-detection mechanisms specified in the Qi standard, thereby exposing valuable items to harmful magnetic fields.
Extensive testing conducted across various wireless chargers and smartphones corroborated the universality of the vulnerability, prompting the researchers to notify manufacturers. Anticipating swift remedial action, they advocate for measures to fortify the security of wireless charging systems, mitigating the risk of VoltSchemer attacks and safeguarding consumers from potential hazards.
As manufacturers address these vulnerabilities, ensuring robust security protocols in wireless charging technology becomes paramount to preempting malicious exploitation and upholding consumer safety standards.