Most people think that data leaks often happen through those apps that require the phone users to allow GPS, WiFi, and other possible entryways to be hacked. Some apps that can now track your every move via GPS are most likely to be open to hack attacks but researchers recently discovered that Android smartphones actually reveal information about one’s location to every app installed on device through the power consumption.
Is this really possible? Yes, according to Rafael, a defense research group from Israel, and Stanford University researchers who have developed PowerSpy. It’s a new technique that can gather information about the geolocation of a phone by simply tracking power usage. While WiFi and GPS location need permission from the user to be tracked, power consumption data are freely available to any app installed on the phone. This allows easy tracking of a user’s phone activities and movements.
This means anyone can track your location and movements real time by tricking you to download an app that makes use of PowerSpy technique. Any app can use this to communicate and track the user over the network and in real time. No need for location permissions because the particular trick gathers information such as routes and exact location by simply reading the phone’s power consumption.
Yan Michalevski, researcher at Stanford explains:
“You could install an application like Angry Birds that communicates over the network but doesn’t ask for any location permissions. It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption.”
The idea of PowerSpy works on the fact that more power is consumed by the phone once it moves farther away from a cell tower or when signal is blocked by mountains or buildings. It actually makes sense that battery is used more if it’s moving or is far from the power source.
Researchers tried to detect the noise by focusing on longer-term trends instead of those that last only a few minutes or seconds. This allows them to learn the algorithm and to determine the movement and location of the phone. However, the technology is still limited as the spy still needs to walk or drive through several routes as pre-measurement before one can track power usage and location.
For this project, the researchers travelled around the Bay Area in California to gather power consumption of an LG Nexus 4. Data are then compared with other power data collected on other phones. Special findings include that location could be identified with 90 percent accuracy.
PowerSpy may be effective and almost accurate (dangerous too) but Stanford researchers simply want to remind us of to be careful of allowing unsecure apps from not trusted sites because a lot of information can be leaked.
Google has not replied when asked for a comment but it would be interesting to know what the Android team thinks or if there any possible fixes.
IMAGE: Martin Abegglen on Flickr