CATEGORIES
home News

Your Smartphone Battery Could Fingerprint Your Online Identity, Compromise Privacy

by Brandon HillWednesday, August 03, 2016, 02:11 PM EDT

As if we needed another vector for our online privacy to be invaded, it appears that site operators may have another tool at their disposal when it comes tracking visitors. Security researchers from Princeton University have identified two scripts that are actively tracking users across the web using an HTML5 API.

The Battery Status API is part of the HTML5 standard, and can be found in modern browsers like Google Chrome, Opera, and Mozilla Firefox. Using the API, a website can determine if a mobile device’s battery is close to full capacity, near depletion, or anywhere in between.

The World Wide Web Consortium (W3C) describes the API, writing in its official documentation, “Given knowledge of the battery status, web developers are able to craft web content and applications which are power-efficient, thereby leading to improved user experience… The Battery Status API can be used to defer or scale back work when the device is not charging in or is low on battery.”

low battery pocket

However, site operators can also use this same information to accurately “fingerprint” a device, linking it to a particular user. According to the Princeton researchers [PDF], site operators don’t need permission to access the Battery Status API, and third-party scripts and ad networks can also be privy to the information.

By tying together battery level, dischargingTime and chargingTime, an accurate fingerprint can be identified and tracked with relative ease (a modified version of Firefox was used carry out testing).

“A third-party script that is present across multiple websites can link users’ visits in a short time interval by exploiting the battery information provided to Web scripts,” write the researchers involved in the study. “This could enable the third-party script to link these concurrent visits. Moreover, in case the user leaves these sites but then, shortly afterwards, visits another site with the same third-party script, the readings would likely be utilized to help in linking the current visit with the preceding ones.”

That’s some pretty sneaky stuff, and the W3C has acknowledged the work of the researchers and the viability of the exploit. And Mozilla is already issued a fix to help stamp out prying eyes from using your battery status to track you across the web. Now if we can just get some swift action from Google and Opera…

Tags:  Firefox, Chrome, Opera, Mozilla, HTML5, battery status api
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment