A team of security experts at the University of Florida working with security audit company CertiK has found that a certain class of cyberattacks could cause a smartphone to catch fire via its wireless charger. The team has posted a paper describing their research and results on the arXiv preprint server.
@[email protected]
link
fedilink
English
2010M

Talk about a burner phone 😎☀️ Aaaaaeeeoooowwww

Perhaps worth pointing out that the attacks require the attacker to position a piece of hardware between the Qi charger and the power source.

Is that piece of hardware a bic lighter

jan teli
link
fedilink
710M

Could be

Gravitywell
link
fedilink
2510M

According to the researchers, “A charger can be manipulated to control voice assistants via inaudible voice commands, damage devices being charged through overcharging or overheating, and bypass Qi-standard specified foreign-object-detection mechanism to damage valuable items exposed to intense magnetic fields.”

So if someone swaps your Qi charger for a malicious one they can ruin your phone (or some other device it’s supposed to detect as not a phone ?) and maybe execute arbitrary voice commands… 🥱

Malicious charger:

I don’t really get how they consider this a meaningful attack vector at all. Of course I can set the phone on fire if I can replace the charger - that’s pretty much always going to be true and there’s no reasonable way to fix it. The only possible use I see is to do it when someone is not intentionally charging their phone, e.g. holding a malicious charger close enough when they have the phone in their pocket.

@[email protected]
link
fedilink
English
110M

Well now all we need is internet connected chargers with dodgy security…

firefly
link
fedilink
-110M

Let’s pray they don’t find a way to detonate the batteries!

@[email protected]
creator
link
fedilink
510M

As in older iPhones? Without the need of an malicious charger

Chahk
link
fedilink
410M

Also Samsung Note 7 was da bomb!

@[email protected]
creator
link
fedilink
310M

It is the result of, to make the phone thinner, putting a battery that is too thin for the necessary power and therefore it gets too hot. It happens when the design is governed by the commercial demands of managers rather than those of technicians.

moosetwin
link
fedilink
English
510M

this is unrelated but that is a really nice diagram

@[email protected]
link
fedilink
English
510M

A charger can be manipulated to control voice assistants via inaudible voice commands…

This seems like the scarier attack, to be honest…

Though, surely there’s filtering that can be performed to prevent that as an attack vector

Skull giver
link
fedilink
310M

deleted by creator

@[email protected]
link
fedilink
English
110M

Right, and Google uses those frequencies to pair Chromecasts - my point was that if they’re using it (and aware of it), surely they have a way to detect (and filter) it.

Skull giver
link
fedilink
110M

deleted by creator

@[email protected]
link
fedilink
English
810M

If feel this is (unintentionally) stretching the use of the word cyberattack. Rightly or wrongly, most people consider a cyberattack a form of hacking/attack that’s executed via a network or the internet.

I know its true definition any form of attack against data, network, or computing device (including smartphones), but this headline could easily lead people to think their phones could be set on fire by some anonymous l337 hAx0r over the internet.

While technically true, it requires physical exploit first.

@[email protected]
creator
link
fedilink
310M

Anyway it isn’t a good idea to use a cheap charger with unknown brand, or one which isn’t the own one at home.

Joe Breuer
link
fedilink
210M

So… Considering necessary access, it’s a quarter step above “cooking a phone in a microwave oven might catch it on fire”, IMO.

Create a post

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

  • 1 user online
  • 33 users / day
  • 134 users / week
  • 301 users / month
  • 2.32K users / 6 months
  • 1 subscriber
  • 3.01K Posts
  • 43.3K Comments
  • Modlog