Perhaps worth pointing out that the attacks require the attacker to position a piece of hardware between the Qi charger and the power source.
Is that piece of hardware a bic lighter
Could be
According to the researchers, “A charger can be manipulated to control voice assistants via inaudible voice commands, damage devices being charged through overcharging or overheating, and bypass Qi-standard specified foreign-object-detection mechanism to damage valuable items exposed to intense magnetic fields.”
So if someone swaps your Qi charger for a malicious one they can ruin your phone (or some other device it’s supposed to detect as not a phone ?) and maybe execute arbitrary voice commands… 🥱
Malicious charger:
I don’t really get how they consider this a meaningful attack vector at all. Of course I can set the phone on fire if I can replace the charger - that’s pretty much always going to be true and there’s no reasonable way to fix it. The only possible use I see is to do it when someone is not intentionally charging their phone, e.g. holding a malicious charger close enough when they have the phone in their pocket.
Well now all we need is internet connected chargers with dodgy security…
Talk about a burner phone 😎☀️ Aaaaaeeeoooowwww
If feel this is (unintentionally) stretching the use of the word cyberattack. Rightly or wrongly, most people consider a cyberattack a form of hacking/attack that’s executed via a network or the internet.
I know its true definition any form of attack against data, network, or computing device (including smartphones), but this headline could easily lead people to think their phones could be set on fire by some anonymous l337 hAx0r over the internet.
While technically true, it requires physical exploit first.
Anyway it isn’t a good idea to use a cheap charger with unknown brand, or one which isn’t the own one at home.
this is unrelated but that is a really nice diagram
A charger can be manipulated to control voice assistants via inaudible voice commands…
This seems like the scarier attack, to be honest…
Though, surely there’s filtering that can be performed to prevent that as an attack vector
Using ultrasonic frequencies to induce vibration and transfer sound humans can’t hear to voice assistants has been demonstrated a fee years ago. With the right equipment (nothing you can’t find on AliExpress) this isn’t too difficult.
With modern smart assistants, you’ll also need to take the owner’s voice, though AI can do that if you record just one conversation at a decent quality.
In practice, assistants are quite useless, though. Ask them anything dangerous, such as leaking contacts or sending files, and the phone will start showing you results from Google rather than actually doing something.
You could trick the phone into opening a website with an exploit kit, but then your target needs to be vulnerable anyway, and there are other options to do that (i.e. buying ads with a very specific profile that only matches your target).
The physical harm of a fire is probably worse than anything you should expect out of a voice assistant attack.
Right, and Google uses those frequencies to pair Chromecasts - my point was that if they’re using it (and aware of it), surely they have a way to detect (and filter) it.
It’s not like WiFi is continuously sending data. Unless something is actually connecting to the WiFi networks (or downgrading the area by not being able to handle WiFi 7), the beacons are basically empty radio space. BSSIDs themselves have almost no impact on the WiFi spectrum used and you can set up hundreds of nothing APs in a room before WiFi speed degrades/should degrade by a recognisable margin. The biggest downside is that you’ll have trouble picking the right network from the hundreds of “John’s iPhone” networks in the dropdown list.
So… Considering necessary access, it’s a quarter step above “cooking a phone in a microwave oven might catch it on fire”, IMO.
Let’s pray they don’t find a way to detonate the batteries!
As in older iPhones? Without the need of an malicious charger
Also Samsung Note 7 was da bomb!
It is the result of, to make the phone thinner, putting a battery that is too thin for the necessary power and therefore it gets too hot. It happens when the design is governed by the commercial demands of managers rather than those of technicians.
