New Type of Cyberattack Uses Wireless Charger to Set Your Smartphone on Fire

This post is also available in: עברית (Hebrew)

Security experts from the University of Florida worked with CertiK and found a certain class of cyberattacks that could cause a smartphone to catch fire through its wireless charger, published in a paper on the arXiv preprint server.

According to Techxplore, wireless or inductive chargers are devices that can be used to charge a device without plugging in a cable, and they work by using electromagnetic fields to transfer energy from one device to another through induction. For a smartphone to be properly charged using such a device it has to communicate with the charger through a Qi communication-based feedback control system, and for a wireless charger to work it has to be connected to an AC outlet.

However, the charger (like a phone) can’t plug directly into the wall but rather plugs into an adapter – which according to the researchers is the vulnerability of the system. They tested and found that disruptions can be made to the Qi communication-based feedback control system by attaching an intermediary device to the adapter, resulting in signals that can override controls that stop overcharging – this leads to overheating and could even cause a fire. The researchers dubbed such an attack a “VoltSchemer.”

The paper details three types of attacks that can occur with a VoltSchemer: “A charger can be manipulated to control voice assistants via inaudible voice commands, damage devices being charged through overcharging or overheating, and bypass Qi-standard specified foreign-object-detection mechanism to damage valuable items exposed to intense magnetic fields.”

After testing various different types of wireless chargers and phones, the researchers found they were all vulnerable. They reportedly notified the manufacturers and expressed their hope that the companies will implement changes to overcome these vulnerabilities and protect consumers from VoltSchemer attacks.