Updated Firefox Halts Battery Status Check

Friday, November 4, 2016 @ 11:11 AM gHale


Firefox’s web browser version 52 will no longer allow websites to access the Battery Status API.

What kind of information could end up gleaned from a battery status? As it turns out, quite a bit as this API provides information when queried that could end up leveraged with other techniques to target Internet users and recreate deleted tracking cookies.

RELATED STORIES
Mozilla Patches Firefox Holes
Browsers Eyed by Malicious Script
Ransomware Decryption Tool Releases
Ransomware Changes Extension

“Users who try to re-visit a website with a new identity may use browsers’ private mode or clear cookies and other client side identifiers. When consecutive visits are made within a short interval, the website can link users’ new and old identities by exploiting battery level and charge/discharge times,” researchers said in a paper.

“The website can then re-instantiate users’ cookies and other client side identifiers, a method known as respawning,” researchers said. “Note that, although this method of exploiting battery data as a linking identifier would only work for short time intervals, it may be used against power users who can not only clear their cookies but can go to great lengths to clear their evercookies.”

Engineering program manager at Mozilla Chris Peterson implemented the change in the Firefox 52 Nightly version (a test build).

“The battery code and tests remain, available to Gecko code and Firefox add-ons,” he said.



Leave a Reply

You must be logged in to post a comment.