Unfortunately, YES!
Forget about super cookies, apps, and malware; your smartphone battery status is enough to monitor
your online activity, according to a new report.
In 2015, researchers from Stanford University demonstrated a way to track users’ locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time.
The latest threat is much worse.Two security researchers, Steve Engelhard and Arvind Narayanan, from Princeton University, have published a paper describing how phone’s battery status has already been used to track users across different websites.
The issue is due to the Battery Status API (application programming interface).
How Does Battery Status API Help Advertisers Track You?
The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year.
The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites.
However, researchers warned last year about the API’s potential threat that could turn your battery level into a “finger printable” tracking identifier.
The researchers found that a combination of battery life loss in seconds and battery life as a percentage offers 14 Million different combinations, potentially providing a pseudo-unique identifier for each device that can be used to pinpoint specific devices between sites they visit.Now, the last year’s research has grown into a proper threat.
Advertisers Are Tracking You via your Battery Status
One of those researchers named Lukasz Olejnik has published a blog post this week, saying that companies are currently leveraging the potential of this battery status information.
Olejnik underlined the latest research by Engelhard and Narayanan, who discovered two tracking scripts of shady code running on the Internet at large scale, which take advantage of battery status API and currently tracking users.
The duo explains that they observed the behavior of two actual scripts and suggested the companies and other entities are perhaps leveraging this technique for their own purposes.
Here’s come the worst part of this attack:
There’s hardly any way to mitigate against this attack. Nothing works: Deleting browser cookies or using VPNs and AdBlockers will not solve your problem.
The only option is to plug your smartphone into the mains.
Over two months ago, Uber’s head of economic research Keith Chen said the company had been monitoring the battery life of its users, as it knows users are more likely to pay a much higher price to hire a cab when their phone’s battery is close to dying.
0 comments:
Post a Comment