It’s like something from a Sci-Fi movie; researchers have discovered a way to overcharge wirelessly charging phones and heat them to 80C/176F. Voltschemer could cause your phone to explode, but what’s the likelihood of that actually happening?
What Is VoltSchemer?
TheVoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger[PDF] report explains that VoltSchemer is a special attack affecting your phone’s wireless charger. The idea is that an attacker can manipulate your phone in specific ways while it sits atop your charger.
VoltSchemer can perform different attacks depending on how the malicious agent uses it, but the most worrying is the ability to overheat a smartphone. This could cause the phone to break, suffer data loss, or even pose a severe fire risk.
It’s important to note that VoltSchemer was invented and tested by researchers, not criminals. At the time of writing, there has yet to be a real-world example of a VoltSchemer attack. It’s also important to note that this requires special power supply modification; in normal circumstances,wireless charging doesn’t damage your phone.
How Does VoltSchemer Work?
VoltSchemer works through a compromised power outlet modified to tweak the voltage it delivers to the wireless charger. The goal is to tune the voltage in a way where it creates “noise” which can interfere with your phone.
Researchers managed some impressive things with this discovery. For one, they tweaked the outlet’s voltage to transmit a voice signal that enters the phone’s microphone circuits through the magnetic field that the charger emits. This allowed the researchers to send voice commands to a phone on the charger without making a humanly audible sound.
How Researchers Caused Phones to Overheat With VoltSchemer
However, Voltschemer’s scariest “feature” interrupts the process where the phone and the wireless charger “speak” to one another. If you’ve ever wondered how your wireless charger “knows” when your phone finishes charging, it can send tiny data packets to the charger, updating it on how charged it is.
The phone regulates how much power the charger gives it using a Control Error (CE) packet and tells it to terminate the charge once it’s full via an End Power Transfer (EPT) packet. However, the voltage modification attack interrupts how the phone talks to the wireless charger.
To do this, the researchers made a voltage signal that did two things. First, it blocked the phone’s CE and EPT packets, so the phone no longer had control over how much power it was taking in. Second, the signal bombarded the wireless charger with packets, telling it to continue sending a charge to the phone.
When the researchers tested the attack, the phone would charge to maximum and send an EPT packet to tell the charger it was done. The voltage noise would block this and tell the charger to keep going. As a result, the phone sat hapless as it begged the charger to stop feeding it more power while it kept getting the signal to go full bore.
The excess power caused the phone to heat up, with a thermal camera recording a surface temperature of 179F/81C. The charger continued charging even when the phone shut itself down due to overheating. The researchers surmised that this attack creates a fire risk due to the phone’s heat catching something on fire or the battery exploding from the stress. And yes,smartphone batteries can explodeif incorrectly handled.
VoltSchemer Works on Other Devices, Too
Image Credit:VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger
VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger
After the phone, the researchers experimented with different items by placing them on the charger and forcing it to output energy at maximum capacity. Paper clips would overheat, potentially igniting any documents they’re attached to. USB and SDD drives suffered damage and memory loss, and passports with RFID tags had their data destroyed.
However, the most spectacular victims were key fobs:
Key Fob: Upon initiating power transfer to a car key fob placed on the charging pad, the battery inside reached a critical temperature. As a result, the key fob didn’t merely overheat. Instead, it detonated and caused the disintegration of the device in an explosive display.
This shows that the VoltSchemer attack doesn’t work just on phones; by forcing the charger to output its maximum, any electrical or metal object could be affected.
How Likely Is a VoltSchemer Attack?
It’s scary to think your phone could become a miniature explosive device. However, before you start eyeing your wireless charger with distrust, some key elements of this attack show you just how unlikely it is that you’ll face a VoltSchemer attack.
Modified Power Outlets
To start, VoltSchemer attacks cannot be carried out remotely. The attacker must modify the power outlet to output the specific voltage required for the attack to work. As such, the attacker must physically enter your home and change your sockets for Voltschemer to work.
It Doesn’t Do Anything for the Attacker
If we assume that somebody is dedicated enough to replace a power socket, the question becomes: why would anyone do this? VoltSchemer doesn’t aid the attacker in any way; they risk capture for potentially making your phone hot.
If someone gains access to your home, they’d get more value from stealing your phone. At least then, they’ll have hardware and data to sell, which makes the venture worthwhile. As such, you should focus onbeating smartphone thievesrather than preparing for a VoltSchemer attack.
Researchers Performed VoltSchemer in a Lab
Recreating phone signals through a power outage’s voltage noise is extremely complicated. To set it up, the attacker needs expert knowledge of how wireless chargers use voltage and how to manipulate it to do what they want.
The report only surfaced because some very talented researchers had all the time and hardware they needed to create it. In the real world, it’d be extremely difficult for someone to recreate the attack themselves.
