The joint product of researchers at UT Texas, the Hebrew University, and Technion, a new paper aimed at considering smartphone security details a potentially devastating hack that would allow an attacker to use your battery as a 'snitch'.
The attack, currently only tested in a simulated environment, uses a microcontroller to turn a smartphone battery into a 'snitch' by sampling power flowing in and out of it, and correlating the different rates at which power is consumed to different actions.
The method could potentially be used to determine, for example, a keystroke, the context in which it was performed (e.g. what kind of application you are typing in) and "the events that preceded or followed it", like making a phone call. Tracking the power drawn by the various components like the CPU, GPU, screen and DRAM would even allow an attacker to glean information about which websites were visited or what keys were pressed - basically, a very sophisticated keylogger.
Since every action you take on the phone would require power to be drawn from the battery, using the battery in this manner would provide a wealth of information that could easily prove to be a goldmine.
While potentially a source for abundant mischief, the attack would certainly be hard to pull off. For one, the attacker would need physical access to the phone in order to install a microcontroller capable of reading the power surges or to replace it with an already-poisoned one.
On the other hand, the required software tools necessary to make the exploit work already exist in the form of the Web Battery API, which is becoming less popular with browser makers precisely because of its security implications but is still supported by Chrome.
Privacy consultant Lucas Olejnik explains: "All the victim user has to do is to visit a sink website that is reading the data. Malicious batteries can detect when the browser enters this special website, and enable the exfiltration mode.”
The paper does clarify that exfiltration in their tests was relatively slow, Olejnik cautioned that "there is no reason for browsers to allow frequent switches between charge/discharge events. So Privacy by Design methodology would advice here: cap the switch rate.”
Given the prerequisites, you're unlikely to be the victim of one in the near future but, as Olejnik puts it, "the work is significant."
Via: The Register