• Stanford Researchers Create a Method to Track Mobile Devices Using Battery Charge Data

    A group of researchers at Stanford have recently developed a method to infer a device’s location from just reading the battery charge information. Dubbed “PowerSpy,” the attack relies on the fact that mobile devices use more power as they get farther from connected cellular towers. By comparing the pattern of battery power to a known established pattern measuring a given area, the location can be determined without access to any other location information.

    For those of you who didn’t know, this is actually similar to how Shazam operates. Thousands of audio “fingerprints” are created and stored in a database and new snippets recorded by users are fingerprinted and compared to the existing set. Researchers Yan Michaelevsky, Dan Boneh and Aaron Schulman of Stanford had the following to say regarding the matter:

    We show that by simply reading the phone's aggregate power consumption over a period of a few minutes an application can learn information about the user's location. Aggregate phone power consumption data is extremely noisy due to the multitude of components and applications simultaneously consuming power. Nevertheless, we show that by using machine learning techniques, the phone's location can be inferred.
    Although the researchers achieved impressive precision when it came to tracing known routes, they were also able to infer longer routes by analyzing data collated from a variety of shorter routes. The following example of tracking movements on a college campus were given:

    We address this problem by pre-recording the power profiles of all the road segments within the given area. Each possible route a mobile device may take is a concatenation of some subset of these road segments. Given a power profile of the tracked device, we will reconstruct the unknown route using the reference power profiles corresponding to the road segments.
    Although the research was performed originally on Android devices, there doesn’t seem to be any reason the method shouldn’t work when run on Apple’s iOS or other mobile operating systems assuming the battery charge data is available. The team noted that the availability of battery data is established via the HTML5 Battery API which could increase the risk of tracking by only requiring that the user load a web page – a move which nearly every smartphone owner makes at some point on an average day.

    To help mitigate the issue, researchers suggest that remedies like removing the radio stack from power consumption reporting or requiring superuser privileges to access the data. Alternatively, OS makers could treat the battery data as an indication of location, giving it a spot in the users’ privacy preferences. The team wrote the following regarding the matter:

    The user will then be aware, when installing applications that access voltage and current data, of the application's potential capabilities, and the risk potentially posed to her privacy. This defense may actually be the most consistent with the current security policies of smartphone operating systems like Android and iOS, and their current permission schemes.
    We’ll have to see how Apple, Android and others in the space react to the situation going forward.

    Source: Stanford via AppleInsider
    This article was originally published in forum thread: Stanford Researchers Create a Method to Track Mobile Devices Using Battery Charge Data started by Akshay Masand View original post
    Comments 1 Comment
    1. Jahooba's Avatar
      Jahooba -
      Sorcery! This should definitely be illegal without explicit user consent.
  • Connect With Us

  • Twitter Box

  • Facebook