In our new paper (accepted at ESORICS 2025), we explore how attackers can mount automated SnailLoad attacks without requiring the user to explicitly click a link to the attacker's server.
For this, we exploit the automatic handling of external references in messenger and email applications, as well as responses from home routers to TCP SYNs targeting closed ports.
The full paper is available here: https://stefangast.eu/papers/zeroclicksnailload.pdf

Thank you to Nora Puntigam, @silent_bits, @vmcall, @lavados and Johanna Ullrich for the fantastic collaboration!

This is quite annoying: I recently bought a 100W USB PD charger to use with both my private and my office notebook when traveling. The original chargers for the office and private notebook are rated 65W and 100W, respectively, so I was expecting the travel charger to work with both devices.

However, it turns out that the travel charger only works reliably with my office notebook, whereas on my private device I get random disconnects when the device is under load, with the kernel complaining that it cannot read the AC adapter state due to an AML loop timeout. Even worse, just a few minutes ago the GPU of the notebook locked up completely and the notebook required a hard reset.

Similarly, my office notebook does not like the stronger original charger of my private notebook, printing a warning that it is too weak when booting.

I was expecting that these things work flawlessly with USB PD, but apparently I was too optimistic.