This happens because the Battery Status API can pull several pieces of information about your device's battery — level, charging time and discharging time. Combined, this data is nearly unique for each device, meaning it allows potential attackers to create a digital fingerprint of your device and track your activities on the web.

"In short time intervals, Battery Status API can be used to reinstantiate tracking identifiers of users, similar to evercookies. "In short time intervals, Battery Status API can be used to reinstantiate tracking identifiers of users, similar to evercookies. Moreover, battery information can be used in cases where a user can go to great lengths to clear her evercookies. In a corporate setting, where devices share similar characteristics and IP addresses, the battery information can be used to distinguish devices behind a NAT, of traditional tracking mechanisms do not work," the paper claims.

The paper, signed by French and Belgian security researchers Lukasz Olejnik, Gunes Acar, Claude Castelluccia, and Claudia Diaz, and first reported on by The Guardian, claims that, as of June 2015, Firefox, Opera and Chrome support the HTML5 feature.

This sort of tracking would be very hard to escape, since practically all devices are vulnerable. The risk is, however, higher for old or used batteries with reduced capacities.According to the paper, the potential privacy issues of the Battery Status API have been discussed as early as 2012, but the API was not revised to alleviate them.The issue is extremely easy to fix, researchers argue: Just make the battery readings less precise. By rounding the values down, none of the functionality would be lost, but it would be nearly impossible to track a user down.

"We hope to draw attention to this privacy issue by demonstrating the ways to abuse the API for fingerprinting and tracking”Even web users masking their IP addresses using services such as TOR were monitored using the exploit. As a solution, researchers argued that by rounding readings to the nearest full number, the homogenised data left devices under lessened risk of identification.

Researchers, who tested the Firefox browser on the Linux operating system, found that there could be at least 14.2 million different combinations of this data, which was easily enough for internet users to be identified by their battery status. The status changes only every 30 seconds, meaning that for a short time the ID can act as a "static identifier".
Most internet users leave much more obvious digital fingerprints when browsing the web, such as their IP address and cookies, but people who opt out of these by using masking tools such as private browsing could still be followed using their battery data, the researchers said.

A script could use the battery status API to track an internet user who has cleared their browsing data, and then reinstate identifiers such as cookies, without the user's knowledge, a process known as respawning. This would allow it to keep tracking the user without their knowledge.
Am I vulnerable?

The chance of being affected by this bug are relatively low. The researcher's test was conducted over Firefox on a Linux machine, which allowed particularly accurate battery status data - down to 16 decimal points. The data that other operating systems such as Windows, OSX and Android and browsers gather is rounded to a lower degree, so there are not as many possible combinations of data and it is more difficult to zone in on a user.

• Acer TravelMate 6293 Battery
• Acer TravelMate 6492 Battery
• Acer TravelMate 6593 Battery
• Acer Aspire 1620 Battery
• Acer TravelMate 240 Battery
• Acer Aspire 9300 Battery
• Acer Aspire 9410Z Battery
• Acer Aspire 9420 Battery
• Acer TravelMate 4220 Battery
• Acer Aspire 3020 Battery
• Acer Aspire 3610 Battery
• Acer TravelMate 2410 Battery
• Acer Aspire 2010 Battery

Acer themselves list this model over on Amazon as well as their official website and you can clearly see in the product description that two processors are listed – so it is not a quad-core chip.With that said and done though, it is still a very solid laptop. Other features include a HD display, HDMI port, Intel HD graphics, one USB 3.0 connection, two USB 2.0 ports and up to 5.5 hours of battery life.

Unfortunately, as this is a new model for 2015 there are no Acer Aspire ES1-531 laptop reviews online yet. However, we do have the product manual download (direct link) for anyone that would like a further look at what this laptop offers.Let us know your thoughts on the specs and what you think of Tesco advertising it with a quad-core processor when in reality it is a dual-core laptop – a big deal to you or not?

Globalspace, an Indian software and solutions firm, isn't a well-known name in the hardware market. The company has dabbled in the low-cost Android space before, and has now come up with a device that it claims is the first of its kind, a "3-in-1" tablet. Obviously a play on Intel's 2-in-1 marketing strategy, this device is claimed to work like a tablet, laptop or desktop, with the appropriate accessories connected.

"In theory it might be feasible to use it just basing on the standard Battery API - although admittedly with limited performance," Lukasz Olejnik, one of the researchers, told the Telegraph.
The researchers also put the matter to Firefox, which fixed it in June 2015 - three years after the battery status API was first identified as a potential issue.
Similarly, very few internet users are likely to take steps to protect their identity in a way that tracking battery data becomes a serious option for snoopers.

However, the researchers have recommended improving standards so there is no chance of users being unwillingly tracked. This includes limiting the precision of such battery readouts - a browser realistically does not need battery life statistics more accurate than the nearest per cent - or making browsers ask permission to access the battery status API.
Mr Olejnik said that W3C may be considering changing the HTML5 standards to reflect these concerns.
Is the battery in your smartphone being used to track your online activities? It might seem unlikely, but it's not quite as farfetched as you might first think. This is not a case of malware or hacking, but a built-in component of the HTML5 specification.

• Acer TravelMate 290 Battery
• Acer Aspire 1413 Battery
• Acer Aspire 1650 Battery
• Acer Aspire 1690 Battery
• Acer Aspire 3000 Battery
• Acer Aspire 3500 Battery
• Acer TravelMate 4060 Battery
• Acer Aspire 1410 Battery
• Acer Aspire 1810TZ Battery
• Acer Aspire Timeline 1810T Battery
• Acer Aspire Timeline AS1410 Battery
• Acer Ferrari One Battery
• Acer TravelMate 2480 Battery

Originally designed to help reduce power consumption, the Battery Status API makes it possible for websites and apps to monitor the battery level of laptops, tablets, and phones. A paper published by a team of security researchers suggests that this represents a huge privacy risk. Using little more than the amount of power remaining in your battery, it is possible for people to be identified and tracked online.

As reported by The Guardian, a paper entitled The Leaking Battery by Belgian and French privacy and security experts say that the API can be used in device fingerprinting. The API can be used to determine the capacity of a website visitor's battery, as well as its current charge level, and the length of time it will take to fully discharge. When combined, these pieces of information create a unique identifier which can be used like a supercookie.

Supported by Firefox, Opera, and Chrome (but not Internet Explorer or Microsoft Edge), Battery Status API has raised the security hackles of the researchers who say:We hope to draw attention to this privacy issue by demonstrating the ways to abuse the API for fingerprinting and tracking.At particular risk are older phones. The age of the battery reduces the battery life, making it easier to generate unique identifiers. What is especially concerning is the fact that users do not need to be warned when the Battery Status API is being used. This is because when drawing up the HTML5 standard, the W3C said:The information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants.

Posted by: akkusmarkt at 05:19 AM | No Comments | Add Comment
Post contains 1372 words, total size 12 kb.