Phone batteries can be used to spy on their owners and track them around the internet

Batteries send out information that could be used to identify even the most privacy-savvy of internet users

Andrew Griffin
Tuesday 04 August 2015 06:42 EDT
Comments
(Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Phone batteries are sending out information that could be used to identify their owners and track them around the internet, even if they have taken very careful privacy precautions, according to a paper by security researchers.

A piece of software in HTML5 — the technology used to let people read sites on the web — tells websites how much battery is left in a users’ phone, and is intended to allow websites to help preserve battery if phones are running low. But that same information can be used to identify phones as they move around the internet, allowing people to be tracked.

Websites and the scripts that run on them don’t have to ask users’ permission to see how much charge is left, so phones will respond to the request to say how much charge they have and how long it will take them to power back up. That information can then be used as a way of identifying the phones themselves, without their users ever knowing.

A website could put those two numbers together and watch for a phone with an identical or similar profile appearing on other pages, for instance. Malicious people could then put those two events together and work out that the same phone had accessed both websites, which can usually be hidden.

Technology like VPNs (which are used to route internet traffic through another place, to anonymise it) and private browsing (which stops websites from reading tracking cookies that have previously been saved) are normally enough to keep people from following a user around the internet. But the security problems in the battery software could be used to get around those precautions.

The researchers writer in their paper, ‘The leaking battery: A privacy analysis of the HTML5 Battery Status API’, that user should at the very least be able to make sites ask permission before they see the battery information. The researchers — Lukasz Olejnik, Gunes Acar, Claude Castelluccia and Claudia Diaz — also suggest that users should be given more information about how the battery status software is used.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in