Hackers can track phone users’ location by looking at power supply
The findings were carried out by a group of researchers at Stanford University and the Israeli defense company Rafael. The created a technique, which they have named PowerSpy and can gather information concerning the location of Android phones. It does this by simply tracking how much power has been used over a certain time.
How much power is used depends on a number of factors. For example, the further away the phone is from a transmitter, the more power is needed to get a signal. Physical objects such as mountains or buildings also have an impact on the amount of battery needed as these obstacles can block the phone’s signal, meaning there are temporary ‘power drains’ on the devices.
“A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise,” the researchers said, which was reported by Wired. “We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement.”
However, there is a catch. The spying technique only works if the person has traveled along that route before. It is also impossible to gain any data if the hacker has not walked along the same routes previously.
The researchers gathered data from phones as they drove around the Bay Area in California and the Israeli city of Haifa. They then compared the data they had collected with an LG Nexus 4 cell phone. For each test which was carried out, the team chose a different, unknown route. Wired magazine reports that they were able to identify the correct one with 90 percent accuracy.
“If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile,” says Yan Michalevsky, one of the researchers from Stanford. “We show that those similarities are enough to recognize among several possible routes that you’re taking this route or that one, that you drove from Uptown to Downtown, for instance, and not from Uptown to Queens,” according to the Wired.
The researchers also found out that phones with a very few number of apps were easier to track as the power used was more consistent in comparison to phones, which had a number of apps because they would use power unpredictably.
What can users do to stop it? Basically, nothing aside from not using the phone. With certain apps, such as Instagram or Facebook, the user is asked whether they want to provide their current geo-location. However, the data from the power supply on a phone is freely available. Michalevsky says this is a problem that Google needs to address.
“You could install an application like Angry Birds that communicates over the network but doesn’t ask for any location permissions. It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption,” Michalevsky concluded.