- Batteries can be used to steal sensitive information on your smartphone.
- To do this, engineers integrated a micro-controller inside the battery to monitor spikes in the battery's power usage.
- Then, they used an AI to match these spikes with specific keystrokes.
Security researchers at the University of Texas, Israel Institute of Technology: Technion, and the Hebrew University have discovered that smartphone batteries can be used to steal your sensitive information without you ever knowing.
Nowadays, mobile devices are equipped with ‘smart batteries’ that are developed to provide responsiveness and extended battery life. However, these batteries could put all of your data (everything you type on your phone) at risk.
Researchers have demonstrated how a malicious battery can be used to monitor a user's activity and send the collected private data to a remote attacker through secret channels. They showed that the device's power log [sampled at 1 kHz] from the battery has enough data to extract a wide range of personal information.
Battery Hack: How It Works
To measure power flowing both in and out of the smartphone, researchers integrated a micro-controller into the battery. Then, with the help of an offline artificial intelligence system, they matched power flows with particular keystrokes.
Micro-controller inside Samsung Galaxy S4 battery
With the help of the micro-controller and the Battery Status API, attackers can trace your passwords and monitor which websites you visited, when you called someone, and when you opened the camera or any other app.
In short, an attacker can use a record of power consumption to create a log of everything you're typing or doing on the device.
However, attackers need physical access to the device to swap in the 'malicious battery' and start tracking everything. Also, the phone must be running on battery rather than charging.
According to the authors, swapping could be done in a short amount of time: during an airport security check, or in a repair store or supply chain. The malicious battery cells record all power traces, and an AI can translate these battery spikes into a coherent portrait of the user’s activity.
Attack overview | Courtesy of researchers
In the study, the AI successfully detected what key was being tapped on the keyboard app. Moreover, the keystroke traces were distinguishable from other screen touches.
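The following is an added illustration, not code from the researchers or the original article, of why the 1 kHz sampling rate of the power log matters: short touch-induced bursts are individually resolvable at one sample per millisecond, but the same trace averaged to one reading per second merges them into a single slightly raised value. The burst length, power levels, touch times and function names are constructed assumptions, not measurements from the study.

```python
import random
import statistics

def build_trace(duration_ms, touch_ms, burst_ms=30, idle_mw=400.0, burst_mw=150.0):
    """Constructed power trace, one sample per millisecond (1 kHz).

    Every touch adds a short burst on top of idle draw. Burst length and
    amplitudes are illustrative assumptions, not values from the study.
    """
    rng = random.Random(0)  # fixed seed so the sample data is reproducible
    trace = [idle_mw + rng.uniform(-10, 10) for _ in range(duration_ms)]
    for start in touch_ms:
        for i in range(start, min(start + burst_ms, duration_ms)):
            trace[i] += burst_mw
    return trace

def average_down(trace, factor):
    """Report one averaged reading per `factor` samples (a coarser power log)."""
    return [statistics.fmean(trace[i:i + factor])
            for i in range(0, len(trace) - factor + 1, factor)]

def burst_onsets(samples, period_ms, margin_mw):
    """Times (ms) at which a reading first rises above median + margin."""
    floor = statistics.median(samples) + margin_mw
    onsets, was_high = [], False
    for i, power in enumerate(samples):
        is_high = power > floor
        if is_high and not was_high:
            onsets.append(i * period_ms)
        was_high = is_high
    return onsets

if __name__ == "__main__":
    touches = [200, 450, 700]            # three constructed touch times (ms)
    fine = build_trace(3000, touches)    # 3 s of data at 1 kHz
    coarse = average_down(fine, 1000)    # same data, one reading per second
    print("1 kHz onsets (ms):", burst_onsets(fine, 1, 75))
    print("1 Hz readings (mW):", [round(p, 1) for p in coarse])
    print("1 Hz onsets (ms):", burst_onsets(coarse, 1000, 5))
```

At 1 kHz all three constructed touches are recovered with millisecond timing; at one reading per second only a single raised sample remains, so neither the count nor the timing of the touches survives.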
Although the requirement of physical access to the phone makes the hack quite difficult to execute compared to other attacks, battery-level surveillance offers the attacker several benefits.
- Since the hack leaves no footprint on the phone, it’s hard to identify such attacks.
- Unlike other attacks, the malicious battery doesn't need to intercept network traffic or use any accessories to monitor the user's activity on the device.
- There is absolutely no need to modify/change any hardware component except replacing the phone’s battery.
- Unlike other tricky hardware attacks, swapping batteries is very simple; it requires no special tools.
Researchers implemented their method on the Samsung Galaxy Note 4 and Huawei Mate 9 smartphones. They successfully traced keystrokes on both devices, with the default keyboard as well as with a third-party keyboard application (SwiftKey).
Safari and Mozilla have already revoked support for the Battery Status API due to privacy concerns. However, it’s still supported in the Chrome browser, making this attack broadly deployable.
Luckily, no real-world attack of this kind has been recorded to date, and researchers claim these attacks remain theoretical for now.