A group of researchers at Stanford University and the Israeli defense company Rafael has discovered a way to track mobile devices by analyzing the power supply. The experts have proposed a technique dubbed PowerSpy to track mobile users by the analysis of power consumption, the method seems to have up to 90 percent accuracy.
An important element to consider is that data related to the power supply, unlike GPS or Wi-Fi location tracking, is freely available to any mobile app that users install on the smartphone and doesn’t need the user’s permission to access it.
The PowerSpy technique could allow to gather information related to the location of Android phones by simply tracking how much power has been used over a certain time.
The power consumption depends on a several factors, including the environment that surround the device. For example, the presence of physical objects such as mountains or buildings has a significant impact on the amount of battery needed for signal transmissions and reception.
The presence of obstacles interferes with signals and cause temporary ‘power drains’ on the devices.
“A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise,” the researchers explained. “We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement.”
“It is also impossible to gain any data if the hacker has not walked along the same routes previously.” reported Wired in a post.
In their test sessions, the researchers collected data from mobile devices as they drove around the Bay Area in California and the Israeli city of Haifa. The experts have recorded the power consumption of an LG Nexus 4 handset as it repeatedly traveled through specific routes choses for the experiment. By adopting the PowerSpy technique, the researchers were able to identify the target path with 90 percent accuracy.
“If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile,” says Yan Michalevsky, one of the researchers from Stanford. “We show that those similarities are enough to recognize among several possible routes that you’re taking this route or that one, that you drove from Uptown to Downtown, for instance, and not from Uptown to Queens.”
How to implement PowerSpy technique in a real scenario?
Threat actors may use a specific app to implements the PowerSpy technique as explained by Yan Michalevski.
“You could install an application like Angry Birds that communicates over the network but doesn’t ask for any location permissions,” says Michalevski. “It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption.”
According to the researchers, the PowerSpy technique is very effective to spy on mobile devices that have installed only a few number of apps because their interference with the power used by smartphone is limited respect mobile devices with a greated number of apps because they would use power unpredictably.
What can users do to stop it? Basically, nothing aside from not using the phone. With certain apps, such as Instagram or Facebook, the user is asked whether they want to provide their current geo-location. However, the data from the power supply on a phone is freely available. Michalevsky says this is a problem that Google needs to address.
Enjoy the study
PowerSpy: Location Tracking using Mobile Device Power Analysis
(Security Affairs – mobile phone tracking, PowerSpy)