Q
Problem solve Get help with specific problems with your technologies, process and projects.

How can power consumption-tracking malware be avoided?

Malware authors are using power consumption tracking-malware to eavesdrop on and attack mobile devices. Expert Nick Lewis explains the threat and how to defend against it.

You recently wrote about a security startup that aims to improve malware detection by monitoring a device's power...

consumption. Now I'm hearing that malware authors are using power consumption to track devices. How significant is the threat of tracking a device's power consumption, and how can that technique be used to attack a user's device?

Academic research titled "PowerSpy: Location Tracking Using Mobile Device Power Analysis" by Yan Michalevsky, Dan Boneh, Aaron Schulman, Gunaa Arumugam Veerapandian and Gabi Nakibly, describes a tracking malware attack that results in a privacy leak.

Monitoring power and other seemingly innocuous aspects of a personal device can surprisingly have privacy-related risks. The research shows it is possible to track a user's location based just on reading the power usage of a smartphone. Some parts of the phone require specific permission to access location based data -- like the GPS -- but, as described in the paper, accessing the power usage does not.

The researchers were able to use machine learning to calculate the path taken by the research subject based on the differing power consumption used to connect to nearby cell towers. The attack did require a piece of software already installed on the device, but this could easily be included as part of a malware attack or by maliciously using legitimate software included on the device.

While the risk of enterprise users being tracked in this manner is low, enterprises with high security and privacy needs should be aware of the attack. To mitigate the risk, enterprises should ensure employees only install prevetted applications on devices that are connecting to the corporate network and accessing corporate data.

Though the power consumption-tracking malware research was performed on an Android phone, iPhones are not immune to similar attacks. iPhones keep a record of the cell towers they connect to, and while this is not as sophisticated at the PowerSpy attack, similar security measures should be taken to prevent falling victim if and when the power-tracking malware attack evolves.

Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)

Next Steps

Learn more about advanced malware and how to defend against it

Find out how the face of advanced malware detection is changing

How to reduce mobile, PC hybrid threats

Be careful of GPS data leakage

 

This was last published in October 2015

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Does your organization have a strategy in place to defend against device-tracking malware?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close