MobilitySecurity

Smartphones Tracked Through Analysing Battery Usage

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

Researchers were able to determine a user’s location based on battery drain over the course of a few minutes

The location of Android smartphones can be tracked by analysing battery usage over the course of a few minutes, according to new research (PDF).

Because mobile phones use more batter power the farther they are from a cellular base station, it is possible to determine a handset’s location from this data alone, researchers at Stanford University said.

Mobile security

Battery drain caused by other factors, such as application or network usage, can be filtered out using machine-learning techniques, they said.

“Aggregate phone power consumption data is extremely noisy due to the multitude of components and applications simultaneously consuming power,” wrote Yan Michalevsky, Dan Boneh and Aaron Schulman, of the Stanford computer science department, and Gabi Nakibly, from Rafael Ltd, in the paper. “Nevertheless, we show that by using machine learning techniques, the phone’s location can be inferred.”

The team constructed a virus called PowerSpy that was able to determine a user’s location more than two-thirds of the time. It does not requires the user to grant permission to access GPS, Wi-Fi, cellular or other location information, only asking for network connectivity and access to power data.

Defence

“These are very common permissions for an application, and are unlikely to raise suspicion on the part of the victim,” the researchers wrote. “By simply reading the phone’s aggregate power consumption over a period of a few minutes an application can learn information about the user’s location.”

The technique was tested using real-world data collected from popular handsets with a significant market share, and could be refined with access to more data, the researchers said.

They said smartphone security should be reviewed to better defend users’ privacy.

“Our work suggests that more security modelling needs to be done before giving third-party applications direct access to sensors,” they wrote

Are you a security pro? Try our quiz!