A team of academic researchers has uncovered a new set of attacks named ‘VoltSchemer’ that exploit wireless chargers to manipulate smartphone voice assistants using magnetic fields. These attacks, detailed in a technical paper from the University of Florida and CertiK, demonstrate the ability to inject voice commands and induce physical damage to devices and nearby items by leveraging electromagnetic interference. VoltSchemer takes advantage of vulnerabilities in wireless charging systems, utilizing voltage manipulation to disrupt communication between the charging station and the smartphone.
The researchers conducted experiments on nine popular wireless chargers, revealing vulnerabilities that could be exploited to compromise charging systems and manipulate voice assistants. Through careful manipulation of voltage fluctuations, attackers can interfere with the charging process, leading to overcharging and overheating of smartphones. Additionally, VoltSchemer enables attackers to bypass safety mechanisms defined by Qi standards, initiating energy transfer to nearby non-supported items, potentially causing damage or data loss.
Moreover, VoltSchemer poses risks beyond device overheating and data loss, as attackers could inject inaudible voice commands to voice assistants such as Siri and Google Assistant. While this attack vector may have limitations and require a certain level of skill from the attacker, it highlights the potential for malicious actors to exploit vulnerabilities in charging station design and communication protocols. The findings underscore the urgent need for improved security measures in wireless charging systems to mitigate the risks associated with electromagnetic interference and protect against VoltSchemer attacks.
