Smartphone’s batteries are a smart device themselves, smart enough to store information about how people use their phones to implement energy-saving mechanisms that result in a higher smartphone performance. These benefits might sound great, but pentest experts suggest that smart batteries could be used by hackers to learn about mobile phone users.
A really simple hack
Pentest experts in charge of the investigation pointed out that this attack would be quick to implement and difficult to detect. They argue that smartphone owners can even inadvertently help hackers to attack by using potentially malicious batteries.
This could happen if a hacker, through an online store, attracts users with promises of extra-long life batteries at low prices, delivers the battery to the buyer and wait for it to be installed on the phone to begin tracing.
In addition, the battery might be able to perform continuous tracking, giving hackers a chance to see everything people do with their phones, whether surfing the Internet, using the phone’s keyboard or receiving calls.
A challenge for hackers too
Even when this hack is of course dangerous once the battery enters the phone, the pentest experts also explored the obstacles that hackers might encounter in the preliminary stages. For example, they must conform to the processing device that retrieves and sends the data inside the battery; In addition, the battery may not be too dense or have other features that can lead to someone believing that it has additional parts.
Since phones nowadays have thinner and lighter batteries, the possibility that people will suspect that something is wrong with the batteries before installation could increase.
The process of extracting the data from the battery is also an obstacle for hackers. Researchers say that even if an out-of-band transmitter with Wi-Fi can send data to the attackers, it would also be noticeable that the battery has been tapped.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.