Stanford researchers develop method for tracking mobile devices using battery charge data

Posted in iPhone, edited July 2015
Privacy advocates have long tried to educate consumers on the perils of giving apps access to GPS data, but a group of Stanford researchers has developed a method to infer a device's location from a seemingly much more innocuous source -- battery charge information.


Signal strength profiles, blurred to prevent unblinding, gathered as part of the research.


The attack -- which its creators have dubbed "PowerSpy" -- relies on the fact that mobile devices use more power as they get farther from connected cellular towers. By comparing the pattern of battery consumption on a device to a known pattern established by previously measuring a given area, the location can be determined without access to any other location information.

This is similar to how song identification apps like Shazam operate -- thousands of audio "fingerprints" are created and stored in a database, and new snippets recorded by users are themselves fingerprinted and compared to the existing set.

"We show that by simply reading the phone's aggregate power consumption over a period of a few minutes an application can learn information about the user's location," researchers Yan Michalevsky, Dan Boneh and Aaron Schulman of Stanford wrote in their paper, published earlier this month. It was co-authored by Gabi Nakibly of Israeli defense company Rafael Ltd.

"Aggregate phone power consumption data is extremely noisy due to the multitude of components and applications simultaneously consuming power. Nevertheless, we show that by using machine learning techniques, the phone's location can be inferred."


Estimated routes versus actual routes. Estimated routes are red, actual routes are green.


While the researchers achieved impressive precision in tracking known routes, they were also able to infer longer routes by analyzing data collated from a variety of shorter routes. They give the example of tracking movements on a college campus:

"We address this problem by pre-recording the power profiles of all the road segments within the given area. Each possible route a mobile device may take is a concatenation of some subset of these road segments. Given a power profile of the tracked device, we will reconstruct the unknown route using the reference power profiles corresponding to the road segments."

Though the research was performed on Android devices, there does not appear to be any reason the same method could not work to locate devices running Apple's iOS or other mobile operating systems, as long as battery charge data is available. The team also notes that the availability of battery data via the HTML5 Battery API could increase the risk of on-the-sly tracking by only requiring that the user load a web page.

To mitigate the issue, the researchers suggest remedies like removing the radio stack from power consumption reporting or requiring superuser privileges to access the data. Alternatively, OS makers could treat battery data as a location indicator, giving it a spot in the users' privacy preferences.

"The user will then be aware, when installing applications that access voltage and current data, of the application's potential capabilities, and the risk potentially posed to her privacy," the team wrote. "This defense may actually be the most consistent with the current security policies of smartphone operating systems like Android and iOS, and their current permission schemes."
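The matching idea and the first suggested mitigation, as an added simulation that is not the researchers' code: a reported power trace is correlated against pre-recorded route profiles, first with the radio draw included in reporting and then with it excluded. All numbers, route ids and function names are constructed, and plain Pearson correlation stands in for the machine learning techniques the paper uses.

```python
import math
import random

SEGMENTS, SAMPLES_PER_SEGMENT = 24, 10  # constructed route: 24 road segments
ROUTES = [1, 2, 3, 4]                   # constructed route ids

def radio_profile(route_id):
    """Constructed radio draw (mW) along a route; higher means weaker signal."""
    rng = random.Random(route_id)
    levels = [rng.uniform(200, 800) for _ in range(SEGMENTS)]
    return [lvl for lvl in levels for _ in range(SAMPLES_PER_SEGMENT)]

REFERENCES = {rid: radio_profile(rid) for rid in ROUTES}  # pre-recorded profiles

def reported_power(route_id, include_radio, seed):
    """Aggregate power an unprivileged reader sees during one trip."""
    rng = random.Random(seed)
    trace = []
    for radio in radio_profile(route_id):
        other = 900 + rng.gauss(0, 120)  # screen, CPU, apps: unrelated to location
        trace.append(other + (radio if include_radio else 0.0))
    return trace

def pearson(a, b):
    """Pearson correlation of two equal-length series."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    var_a = sum((x - ma) ** 2 for x in a)
    var_b = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(var_a * var_b)

def best_match(trace):
    """Return (route id, score) of the reference that correlates best."""
    scores = {rid: pearson(trace, ref) for rid, ref in REFERENCES.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]

def evaluate(include_radio):
    """Return (routes identified correctly, highest correlation observed)."""
    hits, top = 0, -1.0
    for rid in ROUTES:
        guess, score = best_match(reported_power(rid, include_radio, 1000 + rid))
        hits += int(guess == rid)
        top = max(top, score)
    return hits, top

if __name__ == "__main__":
    print("radio draw reported:", evaluate(True))
    print("radio draw excluded:", evaluate(False))
```

With the radio draw excluded, the best correlation against any reference stays near zero, so whichever route scores highest is effectively arbitrary.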

Comments

  • Reply 1 of 16
    Soon to appear in the next season of '24'...
  • Reply 2 of 16
    Soon to appear in the next season of '24'...

    I love 24. I may have to watch that series again.
  • Reply 3 of 16
    I watched 24 from the very start just a few months ago. It was excellent. Even though I knew characters, I had forgotten most of the story line in the early seasons, so it was largely new to me again.

    Definitely start again. Just be ok with missing some sleep. :-)
  • Reply 4 of 16
    Quote:

    Originally Posted by SolipsismY

    I love 24. I may have to watch that series again.

    The early seasons were pretty well done. Once they started upping the stakes into the "world ending threats" range, it got ridiculous. Also, the last season where US military people had virtual free rein on UK soil was a bit much.

  • Reply 5 of 16

    The early seasons were pretty well done. Once they started upping the stakes into the "world ending threats" range, it got ridiculous. Also, the last season where US military people had virtual free rein on UK soil was a bit much.

    I loved the last mini-season. I also loved the last full season where Jack is in the full tactile gear and then tricks President Charles Logan.
  • Reply 6 of 16
    Marvin Posts: 15,310 moderator
    Privacy advocates have long tried to educate consumers on the perils of giving apps access to GPS data, but a group of Stanford researchers has developed a method to infer a device's location from a seemingly much more innocuous source -- battery charge information.

    The battery alone still doesn't let someone know where they are in the world. It would need GPS or maybe IP address plus battery data. For this to work, there would need to be

    - reliable filtering of battery usage by apps
    - a huge, regularly updated database of cell towers and their usage profiles varying with 3G/4G etc
    - continuous battery data sampling

    It seems like a lot of hassle to get an estimated location. What could people even do with this unreliable location data anyway?
  • Reply 7 of 16
    mstone Posts: 11,510 member
    Quote:

    Originally Posted by Marvin

    It seems like a lot of hassle to get an estimated location. What could people even do with this unreliable location data anyway?


    Find the approximate location of ISIS combatants if you could somehow infect all their Android phones.

  • Reply 8 of 16
    Mind-boggling
  • Reply 9 of 16
    Quote:

    Originally Posted by mstone

    Find the approximate location of ISIS combatants if you could somehow infect all their Android phones.

    Couldn't you just track the phone if you know they are ISIS agents? The spy agencies already know how to identify a phone and access some of the underlying protocols.

     

    This is useful for an application to discover location data -- so it might presumably be able to get at least the home zip code of the user, and extrapolate destinations from that. I suppose this is just a research project for "possible spying" by software companies.

     

    But it doesn't sound useful to any 3 letter agencies -- because they can just track and compromise the phone directly if it's on.

  • Reply 10 of 16

    How well would this work if you kept your phone plugged into a charger whilst driving?

  • Reply 11 of 16

    This isn't "useful" in the traditional sense, as much as it serves as a warning that seemingly useless data, like battery use, which presumably is not something that is heavily guarded, can in fact be used to piece together location data, and thus circumvent privacy settings on the device. For instance, consider a user that has switched off allowing the Facebook app to access location data, for obvious reasons. Simply by recording login information from, say, known wifi hot spots and the power usage pattern in between these logins, a complete overview of action at any time between these logins can be constructed.

     

    Simply by publishing this proof of concept, it is now shown that power usage better be treated with the same care as any other device data that is more obviously privacy-sensitive.

  • Reply 12 of 16
    muppetry Posts: 3,331 member
    Interesting exercise but I don't see the law enforcement use for this, since cell phone locations can be tracked fairly accurately in real time with a simple, formal request to the cellular provider. And the extensive "fingerprint" of route profiles required for this to work seems likely to be beyond the resources of any other possible user.
  • Reply 13 of 16
    solipsismy wrote: »
    I loved the last mini-season. I also loved the last full season where Jack is in the full tactile gear and then tricks President Charles Logan.

    President Logan was one of their better characters and the actor playing him was perfect.
  • Reply 14 of 16
    solipsismy wrote: »
    I loved the last mini-season. I also loved the last full season where Jack is in the full tactile gear and then tricks President Charles Logan.

    Tactile gear? Is that like a ribbed condom?
  • Reply 15 of 16
    stacybn Posts: 1 member
    This whole phone tracking thing is becoming very dangerous! Of course, it may help to prevent terrorist attacks, but on the other hand there are a lot of different spy apps like http://www.toptrackingapps.com/copy9-review/ which are being sold to regular citizens. Isn't it disturbing?