This wireless charger cyberattack could literally set your phone on fire

Date:
Wed, 21 Feb 2024 18:57:44 +0000

Description:
Wireless chargers are fast becoming a cool and convenient way to charge smartphones - but VoltSchemer exploit isnt cool, its 536F (280C).

FULL STORY ======================================================================

New research published by researchers at the University of Florida and Web3 security audit company CertiK has revealed a new form of cyberattack that could set your smartphone on fire via its wireless charger.

The terrifying academic paper claims to have uncovered vulnerabilities in the way wireless chargers are manufactured, exposing them to intentional electromagnetic interference (IEMI) from threat actors.

A set of cyberattacks christened by the authors as VoltSchemer allows for inaudible voice commands to be sent remotely and control the target devices voice assistant, overcharging of batteries and overheating of a device
itself, and even damage nearby items close to the wireless chargers, such as USB sticks, car fobs and SSDs inside laptops. VoltSchemer in simple terms

Researchers tested nine best-selling wireless chargers from brands like Anker and Phillips, and found security vulnerabilities in all of them while using two test devices: Apples iPhone SE and Googles Pixel 3 XL.

Essentially, these attacks are made possible by reading the input voltage of
a charger and then manipulating it. Voltage manipulation doesnt require a hardware or software modification to either the charger or software to work, just putting a device purpose-built to do that between the two, making VoltSchemer especially dangerous.

Some of this genuinely seems like black magic. For instance, by carefully manipulating the electromagnetic interference depth, the researchers could inject voice commands that are inaudible to human ears but understood by the smartphones microphone and voice assistant without interrupting power
transfer from a wireless charging pad.

Scorching devices, or Wireless Power Toasting as the researchers call it, is achieved by injecting electrical interference into the supply voltage: giving attackers control over the voltage passed between charger and smartphone

While the latest smartphones are able to terminate the charging process and shut down apps as well as the device itself in case of overheating, researchers were able to use electrical interference to disrupt communication between the smartphones and chargers in testing.

And perhaps the most impressive attack, Foreign Object Destruction, involves tricking the wireless charger, via packet injection, that it itself is a device capable of wireless charging - allowing for it to transfer power without a compatible smartphone present, to any metallic device nearby.

Researchers were able to finagle their way past various checks and balances
to then adjust the power transfer rate beyond safe levels.

Its at this point that we get to the real science: melting expensive stuff. Per the paper, data on SSDs and USB drives, documents affixed to paper clips, and RFID-tagged passports and other NFC-enabled devices were all destroyed at temperatures up to 536F/280C, with the researchers noting that, in daily use, its very easy to accidentally place items like these on a charging pad. VoltSchemers implications

Fascinating stuff and pretty dangerous stuff all round, then, but should we
be worried? Well, thats hard to answer with a simple yes or no.

VoltSchemer may be multifaceted and covert, but its not the first set of wireless charging vulnerabilities: others have had names as grotesque as Wormheart and Parasite.

As the paper itself states, the point for concern should be that VoltSchemer is comparatively easier to set up than its predecessors: wireless chargers dont require custom firmware unique to the manipulation attack method, or physical modification to the charger, through such means as placing adversarial coils on the pad which, beyond being cumbersome, makes the attack less stealthy.

However, the saving grace of this abomination is that it was devised by security researchers, publishing their findings for the benefit of keeping others safe. The researchers have included countermeasures, and disclosed their findings to relevant vendors. None of what they found is good, but the information should be in safe hands now.

The paper also makes clear that wired charging cables are prone to its own vulnerabilities. However, they too have to be modified, and plugging a device in physically is at least a deliberate act, so, if youre getting paranoid, wires could be a safer bet.

Via BleepingComputer More from TechRadar Pro This nasty new Android malware can easily bypass Google Play security and it's already been downloaded thousands of times University of Cambridge apparently suffering DDoS attack - and it isn't the only one affected Weve also listed the best rugged phones right now



======================================================================
Link to news story: https://www.techradar.com/pro/security/this-wireless-charger-cyberattack-could -literally-set-your-phone-on-fire


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)