Stanford University researchers Steve Engelhard and Arvind Narayanan recently found that your smartphone’s battery status may now provide a way for websites to track you online, “thanks to HTML5”.
With the rise of HTML5, web developers can do a lot of things. One of them, the HTML5 Battery Status API, exposes your battery life percentage and time to discharge, as well as how long it would take to charge your phone, and this information can be used to track you online.
The HTML5 Battery Status API allows servers to determine when they need to send an energy-efficient version of a website. It lets them see how much charge a laptop, tablet, or smartphone has, both as the time remaining until discharge and as an overall percentage.
According to the researchers, these two figures can be combined into a value that gives websites a way to match your battery information with your IP with fairly good certainty: there are about 14 million different combinations of battery life as a percentage and remaining time.
These battery status figures also update almost every half a minute, so they can be used to identify a user on a website within a 30-second window. The researchers claim that a website can possibly reconstruct your battery’s identity within that 30-second timeframe, even if you visit the website using a proxy and then revisit the same website without the proxy.
The worst part of this attack is that it’s hard to mitigate. You can’t deal with it as easily as you would wipe your browser cookies. VPNs and ad blockers won’t help either. The only option is to plug the device into the mains. Although it’s unclear whether this sort of thing is being routinely used against users, many in the security community have held concerns about the Battery Status API for some time.
Right now only Firefox supports disabling the Battery Status API. So if you are very concerned about your privacy, switch to Firefox.
Click here to check if Battery Status API is Enabled/Disabled in your browser.
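
A check like the one linked above can be run locally. The JavaScript below is an added example, not code from the article or the researchers: the function names and sample readings are constructed for illustration, and it reports whether the API is exposed and whether both figures described above (percentage and time to discharge) are readable, including the mains-power case.

```javascript
// Added example: reports what a page can read through the Battery Status API.
// Function names are hypothetical; field names are those of the BatteryManager interface.

// True when the browser exposes navigator.getBattery() at all.
function hasBatteryApi(nav) {
  return Boolean(nav) && typeof nav.getBattery === "function";
}

// Summarise one BatteryManager-like reading.
function classifyReading(battery) {
  // dischargingTime is Infinity while charging, so on mains power the
  // "time remaining" figure is not available to the page.
  const dischargeKnown = Number.isFinite(battery.dischargingTime);
  return {
    levelPercent: Math.round(battery.level * 100),
    dischargingTimeSec: dischargeKnown ? battery.dischargingTime : null,
    onMains: battery.charging === true,
    // Both figures the article describes: percentage and time to discharge.
    bothFiguresExposed: Number.isFinite(battery.level) && dischargeKnown,
  };
}

// Full check: API missing, API present but refused, or API returning data.
async function checkBatteryApi(nav) {
  if (!hasBatteryApi(nav)) return { status: "disabled" };
  try {
    const battery = await nav.getBattery();
    return { status: "enabled", ...classifyReading(battery) };
  } catch (err) {
    // The promise can reject, for example when a permissions policy blocks the call.
    return { status: "blocked" };
  }
}

// Constructed sample readings (not captured from a real device).
const SAMPLE_ON_BATTERY = { charging: false, level: 0.57, chargingTime: Infinity, dischargingTime: 8940 };
const SAMPLE_ON_MAINS = { charging: true, level: 1, chargingTime: 0, dischargingTime: Infinity };

// In a browser console: checkBatteryApi(navigator).then(console.log);
```

A result of `status: "disabled"` means the browser does not expose the API to pages at all.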