Mobile Devices Exposed to Spying via Malicious Batteries: Researchers

A team of researchers has demonstrated that specially crafted batteries installed in a smartphone can allow malicious actors to harvest and exfiltrate sensitive information.

Researchers from Technion, UT Austin and Hebrew University showed that an attacker can use a malicious battery to obtain various types of information from a device by continuously monitoring power traces. Monitoring the GPU and DRAM can work, but the CPU and the touchscreen leak the most information, experts said.

Experiments have shown that attackers can – with various degrees of accuracy – deduce characters typed via the touchscreen, recover browsing history, and detect incoming calls and when a photo has been taken. Exfiltrating the data is also possible, one bit at a time, through the device’s web browser.

The level of accuracy for determining keystrokes was 36%, and researchers showed that attackers can even search for passwords. In the case of detecting which website the victim has visited from a list of Alexa Top 100 sites, the researchers achieved an accuracy of 65%. An attacker can – with 100% accuracy – detect when a phone call has been made. Experiments also showed a high accuracy related to the use of the camera. In addition to detecting when a photo has been taken, an attacker can obtain data on the use of the flash and lighting conditions, researchers said in their paper.

The method requires replacing the targeted device’s battery with a malicious one, either through a supply chain attack, an evil maid attack or some other means. For this reason, combined with the fact that the data harvesting and exfiltration are slow and not always accurate, it’s unlikely that such attacks will be seen in the wild any time soon.

On the other hand, the attack is interesting, especially since it’s stealthy (it has a small hardware footprint and it does not require the installation of any software on the targeted device), it has a low cost, and it leverages a component that is often replaced by users. In one attack scenario described by the researchers, the attacker sells batteries online, offering low prices or an extended warranty to attract potential victims.

As for data exfiltration, researchers used the Battery Status API. This API was removed by Mozilla and Apple from their web browsers after experts showed that it posed some potentially serious privacy risks, but it’s still present in Chrome.

This API exposes three parameters: time to full charge and to full discharge, battery level, and charging state. Experts showed that the charging state parameter (a value of 1 when the battery is charging and 0 when it is discharging) can be manipulated for data exfiltration via wireless charging.

When a phone is charged wirelessly, the battery charging state parameter changes when an active transmitter is detected by the device. By placing a circuit that mimics the wireless charger inside the battery, an attacker can control the charging state to send out bits of “0” or “1”. The attacker needs to convince the victim to access a specially crafted website that can read this data via the Battery Status API. Since this is a bidirectional communication channel, the malicious battery can be configured to detect when the attacker’s site is visited by the victim.

However, the time it takes to detect the transition between not charging and charging is 3.9 seconds and the transition back to not charging is 1.6 seconds, which results in an exfiltration rate of 0.1-0.5 bits per second.
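The channel described above turns a one-bit browser-visible flag into a signal by toggling it far faster than any person plugs a charger in and out. The following is an added example, not code from the paper or from SecurityWeek, of a defender-side heuristic built on the real Battery Status API (`navigator.getBattery()` and its `chargingchange` event, present in Chromium browsers): it keeps a rolling window of charging-state observations and flags toggling that is both frequent and regular on a human timescale. The thresholds (`MIN_TRANSITIONS`, `MAX_HUMAN_INTERVAL_MS`) are illustrative assumptions, and the two sample sequences are constructed, with the signaling pattern using the 3.9 s and 1.6 s transition timings quoted in the article.

```javascript
// Added example (not from the paper or the article): a defender-side heuristic
// that flags Battery Status API charging-state toggling that is too fast and
// too regular to be a human plugging a charger in and out.
// Thresholds below are illustrative assumptions, not values from the paper.
const MIN_TRANSITIONS = 8;            // ignore anything with fewer toggles
const MAX_HUMAN_INTERVAL_MS = 30_000; // humans rarely toggle a charger faster

// Summarise a time-ordered sequence of charging-state observations.
// events: [{ t: milliseconds, charging: boolean }, ...]
// Returns the transition count, the implied bit rate (one bit per on/off
// cycle, i.e. two transitions) and a suspicious verdict.
function analyzeChargingTransitions(events) {
  const transitions = [];
  for (let i = 1; i < events.length; i++) {
    if (events[i].charging !== events[i - 1].charging) transitions.push(events[i].t);
  }
  if (transitions.length < 2) {
    return { transitions: transitions.length, bitsPerSecond: 0, medianIntervalMs: null, suspicious: false };
  }
  const intervals = [];
  for (let i = 1; i < transitions.length; i++) intervals.push(transitions[i] - transitions[i - 1]);
  const sorted = [...intervals].sort((a, b) => a - b);
  const medianIntervalMs = sorted[Math.floor(sorted.length / 2)];
  const windowSec = (transitions[transitions.length - 1] - transitions[0]) / 1000;
  const bitsPerSecond = (transitions.length / 2) / windowSec;
  const suspicious = transitions.length >= MIN_TRANSITIONS && medianIntervalMs <= MAX_HUMAN_INTERVAL_MS;
  return { transitions: transitions.length, bitsPerSecond, medianIntervalMs, suspicious };
}

// Constructed sample: a signaling pattern with 3.9 s "charging" and 1.6 s
// "not charging" per cycle, matching the transition times quoted in the article.
function signalingPattern(cycles) {
  const events = [];
  let t = 0;
  for (let c = 0; c < cycles; c++) {
    events.push({ t, charging: true });  t += 3900;
    events.push({ t, charging: false }); t += 1600;
  }
  return events;
}

// Constructed sample: a person plugging in once and unplugging an hour later.
function humanPattern() {
  return [
    { t: 0, charging: false },
    { t: 3_600_000, charging: true },
    { t: 7_200_000, charging: false },
  ];
}

// Browser wiring: subscribe to the real chargingchange event, keep a rolling
// window of observations and hand each verdict to the caller. Returns null where
// the API is absent (Firefox, Safari, Node.js), so it is safe to call anywhere.
async function monitorBattery(onReport, windowMs = 120_000) {
  if (typeof navigator === 'undefined' || typeof navigator.getBattery !== 'function') return null;
  const battery = await navigator.getBattery();
  const events = [{ t: Date.now(), charging: battery.charging }];
  battery.addEventListener('chargingchange', () => {
    const now = Date.now();
    events.push({ t: now, charging: battery.charging });
    while (events.length > 1 && now - events[0].t > windowMs) events.shift();
    onReport(analyzeChargingTransitions(events));
  });
  return battery;
}

// Offline demonstration on the constructed samples.
console.log('signaling:', analyzeChargingTransitions(signalingPattern(10)));
console.log('human:', analyzeChargingTransitions(humanPattern()));
```

In a browser, `monitorBattery(report => { if (report.suspicious) console.warn(report); })` is enough to surface the pattern; the bit rate the heuristic computes for the constructed signaling sequence lands inside the 0.1-0.5 bits per second range the researchers report, while an hourly plug/unplug is well below both thresholds.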

“The attack may seem like a stretch (requires physical battery replacement – or poisoning hardware at a factory), and at this moment one can imagine multiple simpler methods,” commented Lukasz Olejnik, one of the researchers whose work led to Mozilla and Apple removing support for the Battery Status API a couple of years ago. “Nonetheless it is an important study. Is the sky falling? No. Is the work significant? Yes.”

Last year, Olejnik conducted an analysis of the security and privacy implications associated with the ambient light sensors present in phones, tablets and laptops.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
