Your Phone Battery Could Track Your Keystrokes

Researchers have revealed that your smartphone battery could be manipulated to reveal actions taken with your handset. This could include tracking everything that you type into your phone, and everything that you read. All this could be done simply by tracking the power levels exerted by your device's battery.

By utilising this level of tracking on your smartphone battery, hackers could potentially record a vast range of information about you, including:

  • Usernames and passwords for your personal accounts;
  • Financial account information used to make payments online;
  • How often you make phone calls and to whom;
  • The websites that you visit and those you visit most frequently;
  • Your movements through Maps applications such as Google.

Unlike malware (malicious software) and other viruses that smartphones aren’t too exposed to, this latest problem is harder to track and potentially more of a threat to phones than any traditional malicious application or software. Read on to find out more.

How was the hack discovered?

Researchers published information about the battery hack in a research paper titled 'Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices'. Their findings indicated that as well as being simple to execute, the dummy component would not be costly for a hacker to put together.

'Our findings clearly demonstrate that the malicious battery attack is powerful and feasible, it requires only cheap and compact components due to its low sampling rate requirements, and it is hard to mitigate completely, motivating further research into scalable and efficient defence mechanisms.'

How does it work?

The invasion of privacy involves the use of a compromised battery unit, by which we mean a battery that has been purposefully tampered with. By installing this battery into your phone, a third party could track the power signatures emitted by various features on your device.

These power traces would be associated with different commands and functions within an AI (Artificial Intelligence) software, mapping each of your phone’s functions and features against differing spikes in the battery’s power expenditure.

  1. A malicious third party would create a 'compromised battery’, designed to track power spikes in the battery's power expenditure.
  2. The third party would then install the battery in place of your phone’s existing battery, something that could be done at an unlicensed or unofficial mobile support store.
  3. The compromised battery tracks the power traces given off whilst you use your phone. These spikes are translated into functions by an AI software program.
  4. Power traces can even be tracked down to individual keystrokes from an affected device’s keypad. These are transmitted back to the hacker for analysis, where your data could be stolen.

How could you be targeted?

We haven’t seen any instances of this technology being used to siphon off customer data, and the concept behind the hack is quite sophisticated; this would make it reserved for only the most capable and determined of criminals.

However, you could in theory be targeted by allowing a third party to gain access to your device, even if this access was authorised. For example, soliciting a phone repair in an unlicensed high street repairs shop. It has been known for dodgy stores to replace otherwise new power cells with aging batteries in the course of a routine repair, benefiting at the customer’s expense, and short of poor battery life, the customer would have no way of knowing or proving that their battery was swapped.

So technically your battery could be swapped out for a compromised unit by an unofficial repair centre, leaving you exposed to attack. That said, we’re sure that smartphone manufacturers are going to take note of this research and begin working on a fix.

If you need a new battery and need to know who you can trust, WiseGuys can offer smartphone battery replacements in Bournemouth, Christchurch and the surrounding areas. You can reach us on 0808 123 2820 to arrange a repair, or drop into one of our walk-in centres in either town.  

Latest Articles

General January 09, 2017

The Microsoft Scam

The Microsoft Scam. Find out what it is and how to protect yourself.