Low battery on your phone, laptop could pose a privacy threat: report
If your smartphone’s or laptop’s battery is running out of juice, you usually tend to charge it or switch to battery saving mode. You would never even think of it as a problem or a security threat, especially to your privacy. However, a new study on certain APIs has highlighted that the issue could be more than what it calls for.
According to a study by some researchers at the Princeton University, the battery status on your electronic device could trigger an event where your privacy could be at stake, online. However, the present study does not confirm whether the issue has been used for any sort of hacking, or privacy theft, but the results could be devastating.
Since your battery reports back to the operating system about the status of the existing power using APIs built into the software, it very well means that the software is using this information to trigger something. The something could be a battery saving mode, other than simply alerting you that there is ‘x’ amount of time remaining till the hardware shuts down. This simple and miniscule information from the battery can trigger something disastrous if misused. And this has been found by some security researchers.
Many internet users can be targeted from the websites they hit. Researchers at the Princeton University have found out that a small number of websites are now tracking devices with information about how much power or charge is left on the battery.
‘We discovered two fingerprinting scripts utilizing the API during our manual analysis of other fingerprinting techniques. One script, https://go.lynxbroker.de/eat_heartbeat.js, retrieves the current charge level of the host device and combines it with several other identifying features. These features include the canvas fingerprint and the user’s local IP address retrieved with WebRTC,’ mentioned the research report. ‘The second script, http://js.ad-score.com/score.min.js, queries all properties of the BatteryManager interface, retrieving the current charging status, the charge level, and the time remaining to discharge or recharge. As with the previous script, these features are combined with other identifying features used to fingerprint a device,’ it concludes.
As for now, it is not known how the websites are making use of the said information from the battery API. This could, however, be put to use by rogue websites for tracking information from users. The data can be used for targeted ads, products, etc, which could throw the user into websites plagued with viruses and malware.