Spies Can Track You Just By Watching Your Cell Phone’s Power Use — Without You Knowing They Are Doing So — Even When Your Phone Is Turned Off
So says Andy Greenberg on today’s (Feb. 20, 2015) Wired.com website. Mr. Greenberg writes that “researchers at Stanford University and Israel’s defense research group, Rafael, have found that Android phones reveal information about your location..to every app on your device, through a different — unlikely data leak: the phone’s power consumption. The researchers created a technique they call PowerSpy, which they say can gather information about the Android phone’s geolocation, by merely tracking its power use over time. That data, unlike GPS or WiFi location tracking, is freely available to any installed app…without a requirement to ask the user’s permission. That means, it could represent a new method of stealthily determining a user’s movements with as much as 90 percent accuracy — though for now, the method only really works when trying to differentiate between a certain number of pre-measured routes,” Mr. Greenberg wrote
“Spies might trick a surveillance target into downloading a specific app that uses the PowerSpy technique, or less malicious app makers could use its location tracking for advertising purposes,” said Yan Michalevski, one of the Stanford researchers. “You could install an application like Angry Birds, that communicates over the network; but, doesn’t ask for any location permissions,” says Michalevski. “It gathers information, and sends it back to me to track you in real-time, to understand what route’s you’ve taken when you drove your car, or to know exactly where you were are on the route. And, it does it all just by reading power consumption.”
‘One of the machine-learning tricks the researchers used to detect the “noise” is a focus on longer-term trends in the phone’s power use, rather than those that last just a few seconds, or minutes, “A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through through the noise,” the researchers write. “We show that measuring the phone’s aggregate power consumption over time completely reveal the phone’s location and movement.”
“Even so, PowerSpy has a major limitation: It requires that the snooper pre-measure how a phone’s power use behaves as it travels along defined routes. This means you can’t snoop on a place you, or your cohort has never been, as you need to actually to have actually walked or driven along the route your subject’s phone takes…in order to draw any location conclusions. The Stanford and Israeli researchers collected power data from phones, as they drove around California’s Bay Area, and the Israeli city of Haifa. Then, they compared their dataset with the power consumption of an LG Nexus 4 handset , as repeatedly traveled through one of those routes, using a different, unknown choice of route with each test. They found that among seven possible routes, they could identify the correct one…..with 90 percent accuracy,” Wired.com noted.
“If you take the same ride a couple of times, you’ll see a very clear signal, and power profile/s,” says Michalevski. “We show that those similarities are enough to recognize among several possible routes that you’re taking this route, or that one, that you drove from Uptown, to Downtown, for instance, and not from Uptown to Queens.” Michalevski says the group hopes to improve its analysis — to apply that same level of accuracy to tracking phones thorough many possible paths; and, with a variety of phones — they already believe that a Nexus 5 would work just as well, for instance,” Mr. Greenberg wrote “The researchers are also working on detecting more precisely where in a known route a phone is — at any given time. Currently, the precision of that measurement varies from a few meters, to hundreds of meters — depending upon how long the phone has been traveling.”
“The researchers have attempted to detect phones’ locations, even as they travel routes the snooper has never fully seen before. That extra feat is accomplished by piecing together their measurements of small portions of the routes whose power profiles have already been measured. For a phone with just a few apps like Gmail, a corporate email inbox, and Google Calendar, the researchers were able to determine a device’s exact path about two out of three times. For phones with half a dozen additional apps that suck power unpredictably, and add noise to the measurements, they could determine a portion of the path about 60 percent of the time, and the exact path, just 20 percent of the time,” Mr. Greenberg wrote.
“Even with its relative imprecision, and the need for earlier measurements of power use along possible routes, Michalevski argues that PowerSpy represents a privacy problem that Google hasn’t fully considered,” or appreciates.
“Android makes power consumption data available to all apps for the purpose of debugging. But, that means the data could easily have been restricted to developers, nixing any chance for it to become a backdoor method of pinpointing a user’s position.”
Google did not respond to Wired.com regarding the publication of this article and the researchers findings.
Stanfiord’s Michaevski says “PowerSpy is another reminder of the danger of giving untrusted apps, access to a sensor that picks up more information than it’s meant to. “We can abuse attack surfaces in unexpected ways,” he says, “to leak information in ways that it’s not supposed to leak.”
There are ways to defeat this kind of unauthorized, or unwitting snooping. There are several companies out there, for example, Secrypt, that have a downloadable app that encrypts your cellphone. Yes, you would be vulnerable to this kind of snooping until, as well as at the time you downloaded the encrypt app. And as with anything, encrypting your cell phone also has trade-offs. If you were ever lost, or in an accident, and needed to be rescued — first responders would not be able to geolocate your location — if your cell phone was still encrypted. You could also go the route of disposable, or throw away cell phones, if you wanted to try and stay hidden; but, again, there are trade offs there as well — no steady cell number, constantly having to get disposable cell phones, and so on. Being able to snoop like this obviously aids law enforcement, intelligence agencies, etc.; but, it also would help the darker angles of our nature — such as stalkers. Getting a court order that requires a stalker to remain a certain distance away from their victim — may not mean a whole lot, if the stalker is cognizant of this kind of technique — which might allow them to continue to stalk their victim — without the victim and law enforcement necessarily knowing that that they are doing so The private investigator community may also be able to utilize this technique — though I do not know the legal ramifications — if any — with respect to using this method of surveillance, Finally, who’s watching the watchers? V/R, RCP