Time to Rethink the Design of Qi Standard? Security and Privacy Vulnerability Analysis of Qi Wireless Charging

Annual Computer Security Applications Conference Pub Date : 2021-12-06 DOI:10.1145/3485832.3485839

Yi Wu, Zhuohang Li, Nicholas Van Nostrand, Jian Liu

{"title":"Time to Rethink the Design of Qi Standard? Security and Privacy Vulnerability Analysis of Qi Wireless Charging","authors":"Yi Wu, Zhuohang Li, Nicholas Van Nostrand, Jian Liu","doi":"10.1145/3485832.3485839","DOIUrl":null,"url":null,"abstract":"With the ever-growing deployment of Qi wireless charging for mobile devices, the potential impact of its vulnerabilities is an increasing concern. In this paper, we conduct the first thorough study to explore its potential security and privacy vulnerabilities. Due to the open propagation property of electromagnetic signals as well as the non-encrypted Qi communication channel, we demonstrate that the Qi communication established between the charger (i.e., a charging pad) and the charging device (i.e., a smartphone) could be non-intrusively interfered with and eavesdropped. In particular, we build two types of attacks: 1) Hijacking Attack: through stealthily placing an ultra-thin adversarial coil on the wireless charger’s surface, we show that an adversary is capable of hijacking the communication channel via injecting malicious Qi messages to further control the entire charging process as they desire; and 2) Eavesdropping Attack: by sticking an adversarial coil underneath the surface (e.g., a table) on which the charger is placed, the adversary can eavesdrop Qi messages and further infer the device’s running activities while it is being charged. We validate these proof-of-concept attacks using multiple commodity smartphones and 14 commonly used calling and messaging apps. The results show that our designed hijacking attack can cause overcharging, undercharging, and paused charging, etc., potentially leading to more significant damage to the battery (e.g., overheating, reducing battery life, or explosion). In addition, the designed eavesdropping attack can achieve a high accuracy in detecting and identifying the running app activities (e.g., over 95.56% and 85.80% accuracy for calling apps and messaging apps, respectively). Our work brings to light a fundamental design vulnerability in the currently-deployed wireless charging architecture, which may put people’s security and privacy at risk while wirelessly recharging their smartphones.","PeriodicalId":175869,"journal":{"name":"Annual Computer Security Applications Conference","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3485832.3485839","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

With the ever-growing deployment of Qi wireless charging for mobile devices, the potential impact of its vulnerabilities is an increasing concern. In this paper, we conduct the first thorough study to explore its potential security and privacy vulnerabilities. Due to the open propagation property of electromagnetic signals as well as the non-encrypted Qi communication channel, we demonstrate that the Qi communication established between the charger (i.e., a charging pad) and the charging device (i.e., a smartphone) could be non-intrusively interfered with and eavesdropped. In particular, we build two types of attacks: 1) Hijacking Attack: through stealthily placing an ultra-thin adversarial coil on the wireless charger’s surface, we show that an adversary is capable of hijacking the communication channel via injecting malicious Qi messages to further control the entire charging process as they desire; and 2) Eavesdropping Attack: by sticking an adversarial coil underneath the surface (e.g., a table) on which the charger is placed, the adversary can eavesdrop Qi messages and further infer the device’s running activities while it is being charged. We validate these proof-of-concept attacks using multiple commodity smartphones and 14 commonly used calling and messaging apps. The results show that our designed hijacking attack can cause overcharging, undercharging, and paused charging, etc., potentially leading to more significant damage to the battery (e.g., overheating, reducing battery life, or explosion). In addition, the designed eavesdropping attack can achieve a high accuracy in detecting and identifying the running app activities (e.g., over 95.56% and 85.80% accuracy for calling apps and messaging apps, respectively). Our work brings to light a fundamental design vulnerability in the currently-deployed wireless charging architecture, which may put people’s security and privacy at risk while wirelessly recharging their smartphones.

查看原文本刊更多论文

是时候重新思考Qi标准的设计了?Qi无线充电安全与隐私漏洞分析

随着Qi无线充电在移动设备上的日益普及，其漏洞的潜在影响越来越受到关注。在本文中，我们进行了第一次深入的研究，探索其潜在的安全和隐私漏洞。由于电磁信号的开放传播特性以及未加密的Qi通信通道，我们证明了在充电器(即充电板)和充电设备(即智能手机)之间建立的Qi通信可以被非侵入性地干扰和窃听。特别是，我们构建了两种类型的攻击:1)劫持攻击:通过在无线充电器表面偷偷地放置超薄对抗线圈，我们表明攻击者能够通过注入恶意Qi消息来劫持通信通道，以进一步控制整个充电过程;2)窃听攻击:通过在放置充电器的表面(如桌子)下放置一个对抗性线圈，攻击者可以窃听Qi消息，并进一步推断设备在充电时的运行活动。我们使用多种商品智能手机和14种常用的通话和消息应用程序验证了这些概念验证攻击。结果表明，我们设计的劫持攻击会导致充电过充、充电不足和充电暂停等，可能会对电池造成更严重的损害(例如，过热、电池寿命缩短或爆炸)。此外，所设计的窃听攻击在检测和识别正在运行的应用程序活动方面可以达到很高的准确率(例如，呼叫应用程序和消息应用程序的准确率分别超过95.56%和85.80%)。我们的工作揭示了当前部署的无线充电架构的一个基本设计漏洞，这可能会使人们在智能手机无线充电时面临安全和隐私风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Annual Computer Security Applications Conference

自引率

0.00%

发文量