Battery status exploit means sites track you on smartphone and laptop
A HTML5 exploit has left web users vulnerable to online tracking according to a new scientific report.
'The leaking battery: A privacy analysis of the HTML5 Battery Status API’ from French and Belgian security researchers claimed that web users can be tracked by websites through their smartphone and laptop battery updates.
The HTML5 Battery Status API gives websites access to in-depth information including battery level, the length of time it charged for and its discharging time, which is almost entirely unique to each user. This enables devices to be monitored for short windows.
The research read: “HTML5 Battery Status API enables websites to access the battery state of a mobile device or a laptop. Using the API, websites can check the battery level of a device and use this information to switch between energy-saving or high-performance modes. All the information exposed by the Battery Status API is available without users’ permission or awareness.
“We hope to draw attention to this privacy issue by demonstrating the ways to abuse the API for fingerprinting and tracking”
Even web users masking their IP addresses using services such as TOR were monitored using the exploit. As a solution, researchers argued that by rounding readings to the nearest full number, the homogenised data left devices under lessened risk of identification.