Jump to Main ContentJump to Primary Navigation
Top

Hackers could spy on your phone via your battery

battery1.jpg

Slow to charge, quick to drain - phone batteries are awful. But their feeble power-handling abilities might not be their worst fault.

A group of phone security researchers have uncovered a flaw in the way that phone batteries communicate with websites that could allow someone to track your phone.

Titled The Leaking Battery (very good), the research paper demonstrates that a privacy risk exists in websites that use HTML5 - a programming language used to create mobile-friendly sites. A perk of HTML5 is its ability to communicate with a phone and it's battery life: if a mobile is reporting a low charge, the website will cut down on some battery-sapping features. 

So far, so clever.

However, the researchers claim this 'Battery Status API' unwittingly allows anyone with access to the data collected by the HTML5 website to potentially track a person's browsing habits. Without asking the user's permission, the website script gain's two pieces of information: how much charge is left on the user's phone and how long it would take the drain the battery in full.

Given the very specific nature of these two numbers, the researchers report, they act as an 'ID number' that could then be tracked around the web. 

This might seem like nothing but it would mean that your entire browsing habits could be tracked. Every single click. 

Looking at porn? They know. Spending a lot of time on debt websites? They know. All of your interests, there for the taking. Opening up the opportunities for, at best, targeted advertising and, at worst, potential (and incredible tech savvy) blackmailers.

Hacker

"Ha! I can follow their every browsing move! The innocent fools" - hacker

"The analysis of Web standards, APIs and their implementations can reveal unexpected Web privacy problems by studying the information exposed to Web pages," say the report researchers - Lukasz Olejnik, Gunes Acar, Claude Castelluccia and Claudia Diaz. "The complex and sizable nature of the new Web APIs and their deeper integration with devices make it hard to defend against such threats."

Sure, a 'hacker' with access to this information won't be able to pinpoint your exact location or pinch your bank details - but that isn't the point the researchers are trying to make. In their eyes, HTML5 websites are breaching your privacy without asking your permission, which isn't good enough. 

For instance, we've been watching your mobile movements ever since you logged on to this story, and we're going to enjoy tracking your reads all day.

We haven't. 

Or have we?

No.

[Via: The Independent]

(Images: Shutterstock)

Related

dot2.jpg

This is the first smartwatch for the blind

cable2.jpg

How To Stop Your iPhone Charger From Breaking So Easily

bmw.jpg

Apple could partner with BMW to build car

samsung2.jpg

Leaked Images Of Samsung's New 'Bigger' Smartphone

google.jpg

Google Will Now Tell You When To Avoid A Busy Bar

dogbirthday.jpg

Facebook invents the laziest-ever way to say Happy Birthday

Comments

More

Everything we know about the new Nokia 3310

The brick is back

by Matt Tate
24 Feb 2017

20 Things You'll Only Understand If You Owned A Nokia 3310

14 Feb 2017

The Nokia 3310 is getting a relaunch (yes, really)

The return of the King

by Gary Ogden
14 Feb 2017

The new iPhone looks like it's going to have wireless charging

A huge move from Apple

by Dave Fawbert
13 Feb 2017

Star Trek fans have a new reason to buy an Amazon Echo

They've done what you all wanted

24 Jan 2017

Watch Steve Jobs launch first iPhone 10 years ago

Today marks 10 years since Steve Jobs presented the world with this iconic product, but it could have been so different

09 Jan 2017

The best gadgets to launch at the biggest tech conference in the world

Christmas 2017 can't come early enough

by Joe Ellison
05 Jan 2017

16 best fitness gadgets to help you get into shape for 2017

Gadgets to get your sweat on with

by David Cornish
03 Jan 2017

An awesome paper cycling helmet wins Dyson design award

Only £4, and it'll save your life

by David Cornish
17 Nov 2016

Netflix finally confirms it's working on downloadable content

It's official, people

by David Cornish
03 Nov 2016