Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / World Wide Web / Phone Battery May Be Spying on You
Your Smartphone's Battery May Be Spying on You
Your Smartphone's Battery May Be Spying on You
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
An application that checks the battery status of users' devices so Web sites can switch them to power-saving modes can also be used to provide identifiable "fingerprints" of users without their knowledge, according to European researchers. The research team focused on the application's use in Firefox, which has since deployed a fix for the bug.

The Battery Status application programming interface (API) in HTML5 provides information about the remaining power in laptops or mobile devices without users' permission, according to a study authored by researchers in France and Belgium. The data provided by the API, particularly for old and used batteries, could "potentially serve as a tracking identifier," according to the researchers.

After identifying the privacy flaw, the researchers developed a way to modify the API in Firefox on Linux to eliminate that concern. They submitted a bug report to Mozilla, which operates the Firefox browser, and Mozilla provided a fix for the problem.

Enabling Short-Term Fingerprinting, Tracking

The team undertook its research because co-author Lukasz Olejnik, a security and privacy research engineer formerly at France's INRIA, "noticed the high-precision battery level readouts provided by Firefox on Linux," Gunes Acar, one of the study's authors and a researcher at Katholieke Universiteit Leuven in Belgium, told us.

Acar said the researchers had serious concerns about the new HTML5 functionalities (APIs) added to the browser and their potential impacts on privacy and security.

Although the W3C specifications for the Battery Status API state that "the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants," the researchers discovered that was not the case. The accessible details about the status of the batteries could enable fingerprinting and tracking of devices in the short term.

Sensor-Related APIs a Concern

Acar said the team was surprised by finding the vulnerability in Firefox "since Mozilla is known to be more cautious than other browser manufacturers in terms of privacy." He added that other browsers such as Chrome and Opera didn't provide battery data in as much detail as Firefox, but even there, such "low-precision readouts can be exploited for tracking in short-term intervals."

Other research has identified additional APIs with fingerprinting potential. Last month, for instance, independent security researchers Per Thorsheim and Paul Moore revealed how keystroke tracking -- monitoring how users type in information on Web sites -- could be used to identify people even on the anonymous Tor network. And in 2013, researchers at Stanford found that smartphone accelerometers, sensors that detect a device's movement, can generate unique data that could be used to identify an individual owner.

"I believe it's more scary than the battery since it's more identifying," Acar said of the accelerometer vulnerability. He added that, in general, sensor-related APIs such as those for detecting ambient light, ambient humidity and atmospheric pressure, "concern me."

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.