Websites are prying into users’ phone batteries and using them to track them around the web.
Phones send up how much of their battery is left, and how long it will take to charge, to websites that ask for it. It was intended as a way for those sites to decide not to tax their visitors’ batteries if it seemed to be running low, by presenting low energy versions of themselves.
But that same feature can be used by malicious people to track phones as they move around the web, researchers have found. It is being used to spy on people as they go to different websites, allowing their browsing to be tracked, and potentially to steal from them, blackmail them or rip them off.
The problem comes because the information that phones’ innocently hand over can be used to accurately identify any particular phone. There are 18 million different combinations of phone battery and time left that a phone could possibly send over – so watching for that same information appearing on various sites can let people be tracked.
Theoretically, if someone visits one website, clears their phone’s memory and uses a VPN to disguise their location, and then heads to another, it shouldn’t be possible to connect those two activities. But whatever a person does they can’t hide their battery, so snooping on how much charge each visitor has can be a useful way of finding out what people are up to.
It has long been worried that the standard that sends out battery information could be used to track people. But researchers have now confirmed that it is being used in the wild.
Credit to independent.co.uk