Wireless charging, epitomized by the widespread Qi standard, has been marketed as a secure and convenient alternative to wired charging, largely immune to data-based attacks that plague USB connections. The VoltSchemer research shatters this assumption, revealing a fundamental vulnerability in the power delivery chain itself. This paper demonstrates that by modulating the voltage supplied to a Commercial Off-The-Shelf (COTS) wireless charger, an attacker can induce intentional electromagnetic interference (IEMI) that manipulates the charger's operation, bypassing its security protocols and enabling a suite of powerful physical and cyber-physical attacks.
Understanding VoltSchemer requires a grasp of the Qi ecosystem's perceived security and the novel threat model introduced.
The Qi standard by the Wireless Power Consortium (WPC) uses near-field magnetic induction for power transfer. Security is enforced through in-band communication, where the charger and device exchange control packets by modulating the power signal itself. Critical safety features include Foreign Object Detection (FOD) to prevent heating of metallic objects and negotiated power levels to prevent overcharging.
The attacker's goal is to subvert the wireless charger's intended behavior. The core assumption is that the attacker can control or replace the power adapter (AC-DC converter) supplying the charger. This is a realistic threat in public spaces (airports, cafes) or via compromised/ malicious charging stations. No physical modification to the charger or device is required.
VoltSchemer exploits the non-ideal isolation between the power input and the transmitter coil's control circuitry.
The attacker generates a carefully crafted voltage noise signal $V_{noise}(t)$ and superimposes it onto the DC supply voltage $V_{dc}$ using a purpose-built circuit. This noisy supply $V_{supply}(t) = V_{dc} + V_{noise}(t)$ is fed to the wireless charger. Due to electromagnetic interference (EMI) and power supply rejection ratio (PSRR) limitations in the charger's circuitry, this noise propagates to and modulates the current in the transmitter coil.
Qi communication relies on amplitude modulation of the power signal. By shaping $V_{noise}(t)$, the attacker can mimic or overwrite legitimate communication packets. The injected noise creates sideband frequencies that interfere with the demodulation process at the receiver (phone), allowing the injection of malicious Qi packets or the disruption of legitimate ones.
The attack can be modeled as a signal injection problem. The transmitter coil current $I_{tx}(t)$ is a function of the driver circuit's input, which is corrupted by the supply noise. A simplified representation: $I_{tx}(t) = f(V_{dc} + \alpha \cdot V_{noise}(t), C(t))$, where $f$ is the charger's transfer function, $\alpha$ is the coupling coefficient representing noise susceptibility, and $C(t)$ are legitimate control signals. The attacker designs $V_{noise}(t)$ to achieve a desired malicious $I_{tx}(t)$ that corresponds to forged Qi messages (e.g., "FOD passed", "increase power").
The research concretizes the threat through three practical attacks.
9/9
Top-selling COTS chargers vulnerable
3
Distinct, high-severity attack vectors demonstrated
The modulated magnetic field can induce tiny voltages in a smartphone's internal audio circuitry. By encoding voice commands in the ultrasonic range (>20 kHz), VoltSchemer can trigger voice assistants (Google Assistant, Siri) without user awareness, leading to device compromise, data exfiltration, or smart home control.
By forging Qi communication packets, the attacker can instruct the charger to ignore the device's "End Power Transfer" signal or to deliver power beyond negotiated limits. This can cause severe battery degradation, swelling, or in extreme cases, thermal runaway and fire.
This is the most insidious attack. FOD is a critical safety feature that detects parasitic power loss (e.g., to a coin or key) and shuts down. VoltSchemer can inject packets that falsely report high power transfer efficiency, tricking the charger into operating at full power with a foreign object present, creating an intense localized heating hazard.
The team tested 9 best-selling Qi chargers from brands like Anker, Belkin, and Samsung. The attack setup consisted of a programmable power supply to generate $V_{noise}(t)$, the target charger, and various victim devices (smartphones, key fobs, USB drives).
All 9 chargers were susceptible to at least one attack vector. Voice command injection succeeded on devices placed on the charger. Overcharging attacks were able to force continuous charging cycles. FOD bypass was successfully demonstrated, heating a house key to over 280°C (536°F) in minutes—a clear fire ignition risk.
Figure 1: Temperature Rise during FOD Bypass Attack. A line chart would show time on the X-axis and temperature (°C) on the Y-axis. The line for a metal object (e.g., a key) would show a steep, near-linear increase from room temperature to over 280°C within 3-5 minutes when the FOD is bypassed, while the line for a legitimate charging session would remain flat or show a mild increase.
Figure 2: Voltage Noise Spectrum for Command Injection. A frequency-domain plot showing the attacker's injected noise signal $V_{noise}(f)$. Peaks would be visible in the ultrasonic band (e.g., 20-24 kHz), corresponding to the modulated voice command, alongside lower-frequency components used to manipulate Qi packet timing.
Case: Public Charging Station Compromise. An attacker replaces the power adapter in a public wireless charging pad at an airport with a malicious one. The adapter appears normal but contains a microcontroller that generates VoltSchemer signals.
This framework highlights the multi-vector, automated potential of the attack in a real-world scenario.
The paper suggests several defenses:
VoltSchemer opens a new domain of hardware security research:
VoltSchemer isn't just another bug; it's a systemic failure in the security model of wireless charging. The industry's myopic focus on defending the data path (removed in wireless) blinded it to the physical power path as an attack vector. This research proves that in cyber-physical systems, any energy channel can be weaponized for communication and control—a principle echoed in earlier works like PowerHammer (exfiltration via power lines) but now applied destructively to safety-critical hardware. The assumption that "no direct connection equals higher security" has been decisively debunked.
The attack logic is elegant in its simplicity: 1) Identify the Channel: The DC power input is a trusted, unauthenticated conduit. 2) Exploit Coupling: Leverage inevitable analog imperfections (EMI, poor PSRR) to translate voltage noise into magnetic field modulation. 3) Subvert the Protocol: Map this control over the magnetic field onto the in-band communication layer of the Qi standard. 4) Execute Payloads: Use this control to violate the three core guarantees of wireless charging: data isolation, negotiated power transfer, and foreign object safety. The flow from physical phenomenon to protocol breach is seamless and terrifyingly effective.
Strengths: The research is exceptionally practical. Attacking 9 COTS devices demonstrates immediate, real-world relevance, not just theoretical risk. The multi-vector demonstration (privacy, integrity, safety) shows comprehensive impact. The attack requires no device-side exploit, making it scalable.
Flaws & Open Questions: While the proof-of-concept is solid, the paper underplays the attacker's need for precise charger-specific tuning. The "malicious power adapter" must be engineered for a specific charger model's noise susceptibility ($\alpha$), which requires reverse-engineering. How scalable is this in practice against a diverse ecosystem? Furthermore, the discussion of countermeasures is preliminary. Would out-of-band authentication, as suggested, simply add cost and complexity, or is it the only viable long-term fix? The paper could engage more deeply with the economic and standardization hurdles to mitigation.
For the industry, the time for complacency is over. Manufacturers must immediately audit their designs for power supply noise immunity, treating the DC input as a potential attack surface. Component-level hardening with better filters is a non-negotiable short-term fix. The Wireless Power Consortium (WPC) must treat this as a critical-path issue for the next Qi specification. Mandating signal authentication or integrity checks for FOD and power control packets is essential. Relying solely on in-band communication for safety is now proven flawed. Enterprise & Public Venue Operators should audit public charging stations, ensuring power adapters are physically secured and considering a move towards user-provided power (e.g., USB-C PD) for public charging pads. As an analyst, I predict regulatory scrutiny will follow; the CPSC (Consumer Product Safety Commission) and equivalent bodies globally will take note of the fire hazard demonstrated. VoltSchemer has redrawn the attack surface map for the IoT world—ignoring it is a profound liability.