Wireless charging has become popular in recent years for portable electronics such as smartphones and smart watches due to its convenience. The existing wireless charging Qi standard has integrated measures to protect systems’ security. However in a recent paper, Dr. Shuo Wang and his team have disclosed hidden security and privacy vulnerabilities of smartphone wireless charging systems when they are under intentional electromagnetic interference (IEMI) attacks.
The paper, “VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger,” has been accepted for USENIX Security ‘24.
VoltSchemer is an attack using voltage noise at the power supply to take full control of wireless chargers. The critical vulnerability enabling VoltSchemer is that changes in the input DC bus voltage can be converted to the voltage changes on the charger’s transmitter coil. Because the transmitter coil not only transmits power to the devices under charging but also transmits or receives data via in-band frequency or amplitude modulations, this effect has a straightforward impact not only on the power transmitted but also on the data exchanged with the device under charging. Exploiting this vulnerability, VoltSchemer can trick a charger into transferring power to metallic foreign objects, igniting or destroying nearby objects using extensively high temperatures. Besides, VoltSchemer can also manipulate a wireless charger to emanate an amplitude-modulated strong magnetic field, which can further inject inaudible voice commands into the voice assistant in a device under charging.
The research result has garnered significant attention from both industries and the media. The work has been widely reported by many media including:
- Apple Podcasts, Smashing Security: Wireless charging woe, AI romance apps, and ransomware revisited on Apple Podcasts
- Kaspersky: VoltSchemer: attacks on wireless chargers through the power supply | Kaspersky official blog
- PC Gamer: Researchers have figured out how to hack a wireless charger to fry your phone and heat objects around it to 280°C, so that’s just wonderful | PC Gamer
- Microsoft Network: How hackers can use small devices to attack your wireless charger (msn.com)
- Dark Reading: ‘VoltSchemer’ Hack Allows Wireless Charger Takeovers (darkreading.com)
- Tech Radar: This wireless charger cyberattack could literally set your phone on fire | TechRadar
- Security Week: Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers – SecurityWeek
- Bleeping Computer: VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (bleepingcomputer.com)
- Hackster: The VoltSchemer Charger Attack Can Fry Your Phone, Credit Cards, Passport, and Even Whisper to Siri – Hackster.io
- Cybersecurity News: VoltSchemer – Wireless Charger Attack Boils Phone & Injects Commands (cybersecuritynews.com)
- Cyber Talk: Wireless chargers inject voice commands, damage phones – CyberTalk
- Tech Times: Newly-Found Cyberattack Can Set Your Smartphone on Fire: Here’s How | Tech Times
- Make Use Of: VoltSchemer Attacks Can Melt Your Phone, but How Likely Is It? (makeuseof.com)
- IT Security Wire: VoltSchemer Attacks Target Wireless Chargers (itsecuritywire.com)