Smartphone Batteries Can Reveal User Activity

A team of international security researchers from the United States and Israel has discovered a new side-channel attack method that allows tracking of user activity by analyzing energy consumption. According to the experts, a “malicious battery” can collect enough information about a phone’s power-consuming components to monitor user actions.

During their research, the experts embedded a microcontroller into a battery to analyze power fluctuations at the input and output with a sampling rate of 1 kHz. The battery is a very attractive attack vector because attackers can determine all actions performed on the device. Hackers can correlate power flow patterns with keystrokes, the context of those keystrokes (for example, when visiting a website), and “events that preceded or followed them,” such as taking a photo or making a phone call.

“Together, this data creates a complete picture of user activity, dramatically increasing the effectiveness of targeted attacks,” the researchers noted.

At the same time, the attack is difficult to execute, as it requires physical access to the device, a modified battery, and an autonomous artificial intelligence system to analyze the power data.