Detect and identify IoT malware by analyzing electromagnetic signals

2022-01-10 13:01

Electromagnetic emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven.

This novel malware detection approach also offers additional advantages: as no specific software has to be installed on the monitored device, it can hardly be detected by the malware and evaded by the malware authors.

"Also, since a malware does not have control on outside hardware-level events, a protection system relying on hardware features cannot be taken down, even if the malware owns the maximum privilege on the machine. Therefore, with EM emanation it becomes possible to detect stealthy malware, which are able to prevent software-based analysis methods," the researchers noted.

Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser's proposed solution is likely to be particularly useful for malware analysts, as it's capable of detecting new malware, no matter what obfuscation techniques the malware developers use.

"While previous solutions such as signature-based packer detection can be evaded, our results show that we can distinguish between obfuscation techniques solely based on EM traces, which gives the opportunity to analyze the evolution of IoT malware since new obfuscation techniques will be reformed to thwart detection," they noted.

"Given our experimental results, malware analysts therefore profit from our robust methodology to gain a better understanding about the variant, type/family, forensic, and/or evolution of malware groups and campaigns, particularly in the context when software systems fail or cannot be applied."

News URL

https://www.helpnetsecurity.com/2022/01/10/detect-iot-malware/

#IOT #malware #signal