• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

 | 

Singapore warns China-linked group UNC3886 targets its critical infrastructure

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

 | 

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Radiology Associates of Richmond data breach impacts 1.4 million people

 | 

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Mobile
  • Security
  • PowerSpy – How to spy on mobile users by monitoring the power supply

PowerSpy – How to spy on mobile users by monitoring the power supply

Pierluigi Paganini February 22, 2015

A group of researchers has proposed a new technique dubbed PowerSpy to track mobile users’ location by analyzing data related to the power supply.

A group of researchers at Stanford University and the Israeli defense company Rafael has discovered a way to track mobile devices by analyzing the power supply. The experts have proposed a technique dubbed PowerSpy to track mobile users by the analysis of power consumption, the method seems to have up to 90 percent accuracy.

An important element to consider is that data related to the power supply, unlike GPS or Wi-Fi location tracking, is freely available to any mobile app that users install on the smartphone and doesn’t need the user’s permission to access it.

The PowerSpy technique could allow to gather information related to the location of Android phones by simply tracking how much power has been used over a certain time.

The power consumption depends on a several factors, including the environment that surround the device. For example, the presence of physical objects such as mountains or buildings has a significant impact on the amount of battery needed for signal transmissions and reception.

The presence of obstacles interferes with signals and cause temporary ‘power drains’ on the devices.

“A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise,” the researchers explained. “We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement.”

The only constraint so that the success of the PowerSpy technique is  that the targeted individual has traveled along that route before. It is also impossible to gain any data if the hacker has not walked along the same routes previously.
“It is also impossible to gain any data if the hacker has not walked along the same routes previously.” reported Wired in a post.

In their test sessions, the researchers collected data from mobile devices as they drove around the Bay Area in California and the Israeli city of Haifa. The experts have recorded the power consumption of an LG Nexus 4 handset as it repeatedly traveled through specific routes choses for the experiment. By adopting the PowerSpy technique, the researchers were able to identify the target path with 90 percent accuracy.

“If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile,” says Yan Michalevsky, one of the researchers from Stanford. “We show that those similarities are enough to recognize among several possible routes that you’re taking this route or that one, that you drove from Uptown to Downtown, for instance, and not from Uptown to Queens.”

PowerSpy battery usage. 2jpg

How to implement PowerSpy technique in a real scenario?

Threat actors may use a specific app to implements the PowerSpy technique as explained by Yan Michalevski.

“You could install an application like Angry Birds that communicates over the network but doesn’t ask for any location permissions,” says Michalevski.  “It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption.”

According to the researchers, the PowerSpy technique is very effective to spy on mobile devices that have installed only a few number of apps because their interference with the power used by smartphone is limited respect mobile devices with a greated number of apps because they would use power unpredictably.

What can users do to stop it? Basically, nothing aside from not using the phone. With certain apps, such as Instagram or Facebook, the user is asked whether they want to provide their current geo-location. However, the data from the power supply on a phone is freely available. Michalevsky says this is a problem that Google needs to address.

Enjoy the study

PowerSpy: Location Tracking using Mobile Device Power Analysis

Pierluigi Paganini

(Security Affairs –  mobile phone tracking, PowerSpy)


facebook linkedin twitter

Android Hacking mobile mobile app mobile phone PowerSpy surveillance

you might also like

Pierluigi Paganini July 23, 2025
Microsoft linked attacks on SharePoint flaws to China-nexus actors
Read more
Pierluigi Paganini July 22, 2025
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    French Authorities confirm XSS.is admin arrested in Ukraine

    Cyber Crime / July 23, 2025

    Microsoft linked attacks on SharePoint flaws to China-nexus actors

    APT / July 23, 2025

    Cisco confirms active exploitation of ISE and ISE-PIC flaws

    Hacking / July 22, 2025

    SharePoint under fire: new ToolShell attacks target enterprises

    Hacking / July 22, 2025

    CrushFTP zero-day actively exploited at least since July 18

    Hacking / July 22, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT