A team of security experts at the University of Florida working with security audit company CertiK has found that a certain class of cyberattacks could cause a smartphone to catch fire via its wireless charger. The team has posted a paper describing their research and results on the arXiv preprint server.
According to the researchers, “A charger can be manipulated to control voice assistants via inaudible voice commands, damage devices being charged through overcharging or overheating, and bypass Qi-standard specified foreign-object-detection mechanism to damage valuable items exposed to intense magnetic fields.”
So if someone swaps your Qi charger for a malicious one they can ruin your phone (or some other device it’s supposed to detect as not a phone ?) and maybe execute arbitrary voice commands… 🥱
I don’t really get how they consider this a meaningful attack vector at all. Of course I can set the phone on fire if I can replace the charger - that’s pretty much always going to be true and there’s no reasonable way to fix it. The only possible use I see is to do it when someone is not intentionally charging their phone, e.g. holding a malicious charger close enough when they have the phone in their pocket.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
So if someone swaps your Qi charger for a malicious one they can ruin your phone (or some other device it’s supposed to detect as not a phone ?) and maybe execute arbitrary voice commands… 🥱
I don’t really get how they consider this a meaningful attack vector at all. Of course I can set the phone on fire if I can replace the charger - that’s pretty much always going to be true and there’s no reasonable way to fix it. The only possible use I see is to do it when someone is not intentionally charging their phone, e.g. holding a malicious charger close enough when they have the phone in their pocket.
Well now all we need is internet connected chargers with dodgy security…
Malicious charger: