I placed my GrapheneOS device on a treadmill at a gym and was surprised to see that my phone automatically started to charge wirelessly. Wireless charging is feature I see becoming more common in exercise machines.
The GOS issue tracker has an enhancement open to "Implement toggle to disable wireless charging"
https://github.com/GrapheneOS/os-issue-tracker/issues/3271
This is a great feature request and I hope it can be implemented for attack surface reduction.
I've done some reading and found that wireless charging has security and privacy risks. In one published paper, researchers concluded that attacks on wireless charging used by smartphones can reveal passcodes, keystrokes, and information about running apps with high accuracy. There are numerous other papers describing similar attacks.
The side channel attacks above are concerning but I'd like to think about a more fundamental question.
The Qi wireless charging standard involves an authentication process. Details are available at https://www.graniteriverlabs.com/en-us/technical-blog/qi2-wireless-charger-certification-authentication.
If I place a GrapheneOS phone on a wireless charger, does the wireless charging session reveal any unique device identifiers to the chager? For example, I'm wondering if it's possible for a wireless charger to catalogue all devices that were placed on it.