Cryptology ePrint Archive: Report 2015/616

The leaking battery: A privacy analysis of the HTML5 Battery Status API

Lukasz Olejnik and Gunes Acar and Claude Castelluccia and Claudia Diaz

Abstract: We highlight the privacy risks associated with the HTML5 Battery Status API. We put special focus on its implementation in the Firefox browser. Our study shows that websites can discover the capacity of users' batteries by exploiting the high precision readouts provided by Firefox on Linux. The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track web users in short time intervals. Our analysis shows that the risk is much higher for old or used batteries with reduced capacities, as the battery capacity may potentially serve as a tracking identifier. The fingerprintable surface of the API could be drastically reduced without any loss in the API's functionality by reducing the precision of the readings. We propose minor modifications to Battery Status API and its implementation in the Firefox browser to address the privacy issues presented in the study. Our bug report for Firefox was accepted and a fix is deployed.

Category / Keywords: Privacy, fingerprinting, battery, privacy engineering, browsers, firefox

Date: received 22 Jun 2015, last revised 4 Sep 2015

Contact author: gunes acar at esat kuleuven be

Version: 20150904:172613

Short URL: ia.cr/2015/616
