In a joint effort between Stanford University and Israel's defense research group Rafael, researchers created a “technique” known as PowerSpy, which can gather information on an Android phone user’s location by tracking the device’s power usage.
Unlike the data used in GPS or Wi-Fi location tracking, this information is available to any app without explicit permission from the user. The technique has the potential to determine user movement with 90% accuracy.
Spies could trick a surveillance target into downloading an app that uses PowerSpy, or companies could use the technique to monitor users for advertising purposes, according to Stanford’s Yan Michalevski.
“You could install an application like Angry Birds that communicates over the network but doesn’t ask for any location permissions,” Michalevski told Wired. “It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption.”
The technique utilizes the fact that cellular transmissions to service towers drain power at different rates, depending on distance or obstacles between the user and the tower. Michalevski says the correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out.
For now, PowerSpy only really works on pre-defined routes: a snooper would have to know how a phone’s power “behaves” along a given route to determine the user’s location.
“If you take the same ride a couple of times, you’ll see a very clear signal profile and power profile,” says Michalevsky. “We show that those similarities are enough to recognize among several possible routes that you’re taking this route or that one, that you drove from Uptown to Downtown, for instance, and not from Uptown to Queens.”
Michalevsky says the researchers want to improve the accuracy of PowerSpy tracking with more paths and more phones.
In trials, researchers were able to determine a device’s exact path about two out of three times with phones generally geared for business purposes and containing few apps (Gmail, a corporate email inbox, and Google Calendar, for instance.) For phones with half a dozen additional apps that suck power unpredictably and add “noise” to the measurements, they could determine a portion of the path about 60%of the time, and the exact path just 20% of the time, according to Wired.
