VoltSchemer attack uses wireless chargers to enter voice commands and damage devices

Researchers from the University of Florida and CertiK unveiled a series of VoltSchemer attacks aimed at wireless charging systems. These attacks can hijack smartphone voice assistants and circumvent Qi security protocols to overheat and potentially damage nearby objects (by raising their temperature to over 280 degrees Celsius).

VoltSchemer is a technique that uses electromagnetic interference to influence charger behavior. The research team examined nine top-selling wireless chargers globally and found various weaknesses in these devices.

Wireless chargers use electromagnetic fields to transfer energy between two objects, relying on electromagnetic induction. The researchers found that an attacker can manipulate the voltage supplied to the charger and tune the voltage fluctuations (noise) to generate interference that alters the properties of the magnetic fields it produces. This interference disrupts the normal data exchange between the charging station and the smartphone, which use microcontrollers to oversee the charging process: it distorts the signal and corrupts the transmitted data with high precision.

The researchers highlight that such manipulation can be carried out with an intermediary device, meaning the attacker does not need to physically alter the charging station or infect the victim’s smartphone with malware.

The malicious intermediary device that creates the necessary voltage fluctuations can take any form. The researchers suggest that it could be disguised as a promotional accessory or a second-hand product.

Essentially, VoltSchemer exploits weaknesses in the hardware of wireless charging stations and in the protocols governing data transmission. The researchers outline three potential attack vectors: overheating, circumventing Qi security standards, and injecting voice commands into a charging smartphone.

The first attack relates to the design of smartphones, which are programmed to halt charging as soon as the battery is full and to communicate this status to the charging station so that it reduces or completely stops the power supply. VoltSchemer can disrupt this communication and force the charger to keep delivering maximum power, which overcharges and overheats the smartphone, poses a significant threat, and can potentially cause ignition.

The researchers note that during one test, the smartphone initiated an emergency shutdown at a temperature of 76.7 degrees Celsius. The energy transfer continued nonetheless, and the temperature eventually stabilized at a high of 81 degrees Celsius.

The second type of VoltSchemer attack bypasses the Qi standard's protective mechanisms and initiates energy transfer to objects near the charging station. Examples cited in the report include car key fobs, USB drives, RFID and NFC chips used in payment cards and access control systems, and SSD drives in laptops.

While testing this type of attack, the researchers heated a paper clip to a temperature of 280 degrees Celsius, more than enough to ignite paper. Electronic devices are not designed to withstand such temperatures and can be irreversibly damaged. For instance, the battery in a car key fob exploded, destroying the device, while attacks on USB and SSD drives resulted in data loss.

The third type of attack involves transmitting voice commands, inaudible to the human ear, to the iOS (Siri) and Android (Google Assistant) voice assistants. The researchers demonstrated that signals transmitted within the range of the charging station can be used to create a series of voice commands, resulting in actions such as initiating a voice call, opening a website, or launching an application.

However, this attack has several limitations that make it practically infeasible in real-world conditions. For example, the attacker would first need to record the victim’s voice commands and then inject them by mixing them with the output signal of the charging device.

“The main issue with our attacks is the insufficient suppression of interference in certain frequency ranges. This flaw makes all wireless charging technologies potentially vulnerable to attacks, especially powerful systems like wireless electric vehicle charging,” write the experts.

The report concludes by stating that the researchers have communicated their findings to the manufacturers of the tested charging stations and discussed protective measures that could mitigate the risks associated with VoltSchemer. However, details about these countermeasures have not yet been disclosed.
