Data leaks through power consumption? Don’t be surprised because security researchers have discovered a way to track your every move by looking at your Android smartphone's consumption of the battery power,even if you have GPS access unable.
Researchers at Stanford University and Israeli Defense Research Group, Rafael, have developed a new technology, which they have dubbed "PowerSpy", that have capability to gather the geolocation of Android phones by simply by measuring the battery usage of the phone over a certain time.
TRACKING PERMISSION GRANTED BY-DEFAULT
Unlike Wi-Fi and GPS access, the battery consumption data does not need the users’ permission to be shared and is freely available to any downloaded and installed application. Therefore, this data can be used to track a phone with up to 90 percent accuracy.
All an attacker would need to do is use an application — any application you download and installed onto your Android smartphone — to measure your phone's battery information in an attempt to track your smartphone’s location.
90 PERCENT ACCURACY RATE
PowerSpy was tested on both an Android LG Nexus 4 and Nexus 5 smartphone handsets, and researchers found that 90 percent of the time the Android’s location could be determined – even when the user wasn’t using their phone. This new discovery could have given spies a powerful new tool to track you.
Spies could fool a target user into downloading an application that uses PowerSpy in order to track victim’s every move. Even companies could use the same technique to monitor users for advertising purposes, the researchers say.
POWER USAGE DEPENDS ON VARIOUS FACTORS
PowerSpy utilizes the fact that cellular transmissions to service towers drain power at different rates, depending upon how close, or far, the user is away from the cellphone tower; and also how many solid obstacles such as mountains, buildings or cars that block phone’s signals are between the phone and the tower.
Michalevski says the correlation between the battery usage and variables like cell tower distance and environmental conditions is strong enough to to filter out other power-draining situations such as phone calls, picture taking and app usage.
"A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise," Yan Michalevski, one of the Stanford’s researchers, told Wired. "We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement"
LIMITATIONS OF POWERSPY
However, there is a limitation for now. PowerSpy technique only really works on pre-defined routes and only if a person has traveled along that route before. If, for instance, the phone user is in a new place for the first time, the hacker or tracker won't have enough data to track the phone's location.
The researchers collected data from phones as they drove around the Bay Area in California and the Israeli city of Haifa, and then compared it with an LG Nexus 4 cell phone. For each conducted test, they chose a different and unknown route and were able to identify the correct one with 90 percent accuracy.
"If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile," says Michalevsky. "We show that those similarities are enough to recognize among several possible routes that you’re taking this route or that one, that you drove from Uptown to Downtown, for instance, and not from Uptown to Queens."
In some cases, the researchers found phones with only couple of apps installed which were easier to track because the power consumption on those phones were more consistent in comparison to phones with half a dozen additional apps that suck power unpredictably. Michalevsky says the accuracy of PowerSpy tracking is to be improved with more paths and more phones.
HOW TO STOP THIS
Well, there is nothing aside from not using the phone, which is, no doubt, impossible for most of us. Generally, users are asked to provide their current geo-location by various apps, like Facebook and Instagram. But, the data from the power supply on a phone is freely available to all of them.
"You could install an application like Angry Birds that communicates over the network but doesn't ask for any location permissions. It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption," Michalevski concluded.
Michalevsky said that the PowerSpy technique points out a privacy issue that Google needs to address because Google’s Android operating system freely provides the power consumption information to all of the installed apps for debugging purposes.