By Courtney Theim
SecureWorld Media

Just when you thought hackers couldn't get any more clever, they've figured out how to use remaining battery percentage to track your devices.

A 2015 study by French and Belgian researchers "shows that websites can discover the capacity of users' batteries by exploiting the high precision readouts provided by Firefox on Linux. The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track web users in short time intervals."

Now a more recent study from Princeton University found two instances of scripts already using this HTML5 Battery Status Application Programming Interface (API) - showing that it's not just a possibility; it's happening.  

Data sent to a website is incredibly specific - it tracks down to the second when your battery will run out of juice. This also appears as a percentage of how much power is left, as well as how much power is needed to restore a full charge, and when these numbers are connected produces enough combinations to be used as a unique identifier.

However, these numbers only refresh every 30 seconds, so the numbers are stalled, "allowing (e.g.) a third-party script to link visits from the same computer in short time intervals," according to the 2015 study.

Clearing your cookies or using a VPN won't help. Because the battery status fingerprint is so unique, revisiting a website in a short amount of time even with these increased security settings can still allow hackers to reconnect your battery fingerprint to your new network identifiers.

Lukasz Olejnik, one of the French researchers from the study, says of the impact:

"Even most unlikely mechanisms bring unexpected consequences from privacy point of views. That's why it is necessary to analyze new features, standards, designs, architectures - and products with a privacy angle. This careful process will yield results, decrease the number of issues, abuses and unwelcome surprises."