Part of the job of privacy researchers is to come up with security exploits that sound like magic, and then make them work. In 2013, there was the team that found a way to break an unbreakable encryption algorithm just by listening to the sound a computer’s processor makes while performing the encryption.
And now, there’s this: a project from researchers at Stanford University and Israeli defense contractor Rafael Advanced Defense Systems, which can glean information about a cell phone’s location—just by looking at its battery usage. The project is known as PowerSpy and the working paper about it was recently flagged by the Technology Review’s arXiv blog.
The idea behind the research is that cell phones vary in the amount of power they use based on the strength of their cell signal. And signal strength varies by location, for example based on how close a phone is to a cellular base station. That means that a moving phone has a sort of signature of power usage that’s a function of its path.
Those signatures aren’t distinguishable enough to enable GPS-like location tracking. But given a set number of possible routes, the power usage statistics were enough to tell which route was actually taken. In the paper, the researchers were able to pick the correct route from four possibilities with 93% accuracy.
Why does this matter? Well, people tend to care about who—and what software—knows where they are. And while iOS and Android require that an app ask for permission before obtaining a phone’s location data, the restrictions on power usage data are less stringent.
As this type of research progresses, maybe that ought to change.