Your Smartphone’s Battery May Be Spying on You

An application that checks the battery status of users' devices so Web sites can switch them to power-saving modes can also be used to provide identifiable "fingerprints" of users without their knowledge, according to European researchers. The research team focused on the application's use in Firefox, which has since deployed a fix for the bug.

The Battery Status application programming interface (API) in HTML5 provides information about the remaining power in laptops or mobile devices without users' permission, according to a study authored by researchers in France and Belgium. The data provided by the API, particularly for old and used batteries, could "potentially serve as a tracking identifier," according to the researchers.

After identifying the privacy flaw, the researchers developed a way to modify the API in Firefox on Linux to eliminate that concern. They submitted a bug report to Mozilla, which operates the Firefox browser, and Mozilla provided a fix for the problem.

Enabling Short-Term Fingerprinting, Tracking

The team undertook its research because co-author Lukasz Olejnik, a security and privacy research engineer formerly at France's INRIA, "noticed the high-precision battery level readouts provided by Firefox on Linux," Gunes Acar, one of the study's authors and a researcher at Katholieke Universiteit Leuven in Belgium, told us.

Acar said the researchers had serious concerns about the new HTML5 functionalities (APIs) added to the browser and their potential impacts on privacy and security.

Although the W3C specifications for the Battery Status API state that "the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants," the researchers discovered that was not the case. The accessible details about the status of the batteries could enable fingerprinting and tracking of devices in the short term.

Sensor-Related APIs a Concern

Acar said the team was surprised by finding the vulnerability in Firefox "since Mozilla is...

Comments are closed.