Paper 2015/616

The leaking battery: A privacy analysis of the HTML5 Battery Status API

Lukasz Olejnik, Gunes Acar, Claude Castelluccia, and Claudia Diaz

Abstract

We highlight the privacy risks associated with the HTML5 Battery Status API. We put special focus on its implementation in the Firefox browser. Our study shows that websites can discover the capacity of users’ batteries by exploiting the high precision readouts provided by Firefox on Linux. The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track web users in short time intervals. Our analysis shows that the risk is much higher for old or used batteries with reduced capacities, as the battery capacity may potentially serve as a tracking identifier. The fingerprintable surface of the API could be drastically reduced without any loss in the API’s functionality by reducing the precision of the readings. We propose minor modifications to Battery Status API and its implementation in the Firefox browser to address the privacy issues presented in the study. Our bug report for Firefox was accepted and a fix is deployed.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Privacyfingerprintingbatteryprivacy engineeringbrowsersfirefox
Contact author(s)
gunes acar @ esat kuleuven be
History
2015-09-04: last of 2 revisions
2015-06-30: received
See all versions
Short URL
https://ia.cr/2015/616
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/616,
      author = {Lukasz Olejnik and Gunes Acar and Claude Castelluccia and Claudia Diaz},
      title = {The leaking battery: A privacy analysis of the HTML5 Battery Status API},
      howpublished = {Cryptology ePrint Archive, Paper 2015/616},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/616}},
      url = {https://eprint.iacr.org/2015/616}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.