Security Affairs

One more reason to hate your cellphone battery when it sends private data to the bad actors


Security researchers demonstrated how a “poisoned” cellphone battery in smartphones can be leveraged to “infer characters typed on a touchscreen.”

We’ve heard about stealing information through blinking hard drive lights and computer speakers, but would you believe the battery in your cell phone can also leak potentially sensitive information?

Researchers at Technion Center for Security Science and Technology (CSST), Hebrew University and University of Texas at Austin have published a paper (Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices) explaining how “poisoned” batteries in smartphones can be leveraged to “infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions.” Going further, the researchers also describe how the Battery Status API can be used to remotely capture the sensitive information.

The “attack” starts by replacing the battery in the target smartphone with a compromised battery, perhaps by poisoning the supply chain, gaining secretive access to the device, or selling the batteries through aftermarket resellers. The specific method is left as a thought exercise, but for the risk analysis, we assume that the battery has been replaced and is thus exploitable.

Smartphone users will tell you that the battery is the most frustrating component of their devices. To improve this experience, smartphone batteries include technology to report on current charge rates, discharge rates, charging method, etc. With this information, the device can provide feedback to the user and change operating behavior to maximize battery life.

This requires a communications channel between the battery and the smartphone, and this is the channel the researchers leveraged to exfiltrate data. The information is not restricted to the operating system; it is also exposed through the Battery Status API as defined by the W3C organization, meaning it can be captured by a malicious website if accessed through a vulnerable browser (Chrome). So the attack starts with a compromised battery, leverages the Battery Status API to expose the captured data, and sends it to a malicious website through a vulnerable browser. Lots of moving pieces to line up, but plausible. So what information can be exposed this way?

The researchers showed an ability to identify the characters typed on the screen, identify incoming phone calls, determine when a picture is taken and identify metadata for that photo. The characters being typed aren’t read directly, but the poisoned battery infers what is typed by measuring the effect on battery parameters.

This has an effect on the accuracy of the information being captured. Determining when a picture is taken or when a call is received is accurate 100% of the time. But identifying what characters are typed is only accurate 36% of the time. If the eavesdropper is able to narrow the potential characters being typed, for example, if it is known the person is typing a website URL or booking tickets on a travel website, accuracy increases to 65%.

When considering all of the potential cyber threats that exist, this definitely counts as a low risk. Replacing a cell phone battery is difficult to do without the owner being aware, and even if you manage to change the battery, the information it gathers is prone to error and capturing the information remotely is a complex endeavor. But the risk is tangible, and if not mitigated, it could grow to become significant. Mozilla and Apple have already removed support for the Battery Status API from their browsers, and the W3C organization has updated the Battery Status API specification.

Currently, Chrome is the only “vulnerable” means of exfiltrating the data through this specific attack. However, as we have seen repeatedly, once a novel approach is identified, others will expand and evolve the attack. This will be an interesting one to watch.
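
A defender's check for the exposure described above, as an added example that is not from the original article or the researchers' paper: it reports whether a browser context still exposes the Battery Status API and replaces `getBattery` with a shim that returns the specification's default values. The function names are hypothetical, and the shim is one possible mitigation for a content script or test harness, not a browser vendor's fix.

```javascript
// Added example; function names are hypothetical, not from the article or paper.

// Defaults the W3C Battery Status API defines for when a user agent cannot
// report battery state. They reveal nothing about the real battery.
function neutralBattery() {
  return {
    charging: true,
    chargingTime: 0,
    dischargingTime: Infinity,
    level: 1.0,
    // Present so calling pages do not break; no event is ever delivered.
    addEventListener() {},
    removeEventListener() {},
  };
}

// True when script in this context can request battery state.
function batteryApiExposed(nav) {
  return nav != null && typeof nav.getBattery === "function";
}

// What a page script can currently read, for before/after comparison.
async function readBatteryFields(nav) {
  if (!batteryApiExposed(nav)) return null;
  const b = await nav.getBattery();
  return { charging: b.charging, chargingTime: b.chargingTime,
           dischargingTime: b.dischargingTime, level: b.level };
}

// Replace getBattery where it is defined (the prototype in a browser), so
// calling the original through the prototype returns the same neutral values.
function neutralizeBatteryApi(nav) {
  if (!batteryApiExposed(nav)) return false; // already absent: nothing to do
  let owner = nav;
  while (owner && !Object.prototype.hasOwnProperty.call(owner, "getBattery")) {
    owner = Object.getPrototypeOf(owner);
  }
  if (!owner) return false;
  Object.defineProperty(owner, "getBattery", {
    value: () => Promise.resolve(neutralBattery()),
    writable: false,
    configurable: false,
  });
  return true;
}
```

In a browser this would be called as `neutralizeBatteryApi(navigator)` from a script that runs before page scripts; a page that saved a reference to the original function earlier is not affected by the shim.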

About the author: Steve Biswanger has over 20 years of experience in Information Security consulting, and is a frequent speaker on risk, ICS and IoT topics. He is currently Director of Information Security for Encana, a North American oil & gas company, and sits on the Board of Directors for the (ISC)2 Alberta Chapter.

Pierluigi Paganini

(Security Affairs – cellphone battery, privacy)
