Gadgets

Hackers could spy on your phone via your battery

Slow to charge, quick to drain - phone batteries are awful. But their feeble power-handling abilities might not be their worst fault.

A group of phone security researchers have uncovered a flaw in the way that phone batteries communicate with websites that could allow someone to track your phone.

Titled The Leaking Battery (very good), the research paper demonstrates that a privacy risk exists in websites that use HTML5 - a programming language used to create mobile-friendly sites. A perk of HTML5 is its ability to communicate with a phone and it's battery life: if a mobile is reporting a low charge, the website will cut down on some battery-sapping features. 

So far, so clever.

However, the researchers claim this 'Battery Status API' unwittingly allows anyone with access to the data collected by the HTML5 website to potentially track a person's browsing habits. Without asking the user's permission, the website script gain's two pieces of information: how much charge is left on the user's phone and how long it would take the drain the battery in full.

Given the very specific nature of these two numbers, the researchers report, they act as an 'ID number' that could then be tracked around the web. 

This might seem like nothing but it would mean that your entire browsing habits could be tracked. Every single click. 

Looking at porn? They know. Spending a lot of time on debt websites? They know. All of your interests, there for the taking. Opening up the opportunities for, at best, targeted advertising and, at worst, potential (and incredible tech savvy) blackmailers.

"Ha! I can follow their every browsing move! The innocent fools" - hacker

"The analysis of Web standards, APIs and their implementations can reveal unexpected Web privacy problems by studying the information exposed to Web pages," say the report researchers - Lukasz Olejnik, Gunes Acar, Claude Castelluccia and Claudia Diaz. "The complex and sizable nature of the new Web APIs and their deeper integration with devices make it hard to defend against such threats."

Sure, a 'hacker' with access to this information won't be able to pinpoint your exact location or pinch your bank details - but that isn't the point the researchers are trying to make. In their eyes, HTML5 websites are breaching your privacy without asking your permission, which isn't good enough. 

For instance, we've been watching your mobile movements ever since you logged on to this story, and we're going to enjoy tracking your reads all day.

We haven't. 

Or have we?

No.

[Via: The Independent]

(Images: Shutterstock)