According to cybersecurity experts, electromagnetic emanations can help detect evasive malware on IoT devices. With this approach, the electromagnetic field emanations given off by an IoT device are used as a side channel to gather precise knowledge of the different kinds of malware targeting embedded systems. It can prove useful even in situations where obfuscation techniques have been applied to hinder analysis.
IoT appliances are regularly targeted by threat actors, as these devices now come with substantial processing power and are capable of running fully functional operating systems. The recent research finding will aid malware analysis and help mitigate potential security risks.
In a paper presented at the Annual Computer Security Applications Conference (ACSAC) held last month, researchers from the Research Institute of Computer Science and Random Systems (IRISA) said, “[Electromagnetic] emanation that is measured from the device is practically undetectable by the malware. Therefore, malware evasion techniques cannot be straightforwardly applied unlike for dynamic software monitoring. Also, since malware does not have control on outside hardware-level, a protection system relying on hardware features cannot be taken down, even if the malware owns the maximum privilege on the machine.”
The aim of the research is to use this side-channel information to detect anomalies in the emanations, that is, deviations from previously observed patterns. This enables the system to raise an alert when behavior resembling that of malware is recorded, as compared to the system’s normal state.
This can be achieved without any modifications to the target devices, and the framework devised in the study allows the researchers to detect and classify stealthy malware such as kernel-level rootkits, ransomware, and distributed denial-of-service (DDoS) botnets like Mirai, including previously unseen variants.
The side-channel approach involves three phases: measuring the electromagnetic emanations while executing 30 different malware binaries as well as performing benign video, music, picture, and camera-related activities; using those measurements to train a convolutional neural network (CNN) model; and classifying real-world malware samples with it. The framework takes an executable as input and outputs its malware label by relying solely on the side-channel information.
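As an added illustration (not code from the paper or from IRISA), here is the core anomaly-detection idea in miniature: learn a per-band spectral-power baseline from windows captured during known-benign activity, then flag any window whose power deviates far from that baseline. A simple z-score model stands in for the paper's CNN, and the traces, tone frequencies, and alert threshold are all constructed stand-ins, not values from the study.

```python
import cmath
import math
import random

N_SAMPLES = 64      # points per captured EM window (constructed, not the paper's)
N_BANDS = 8         # spectrum bins are pooled into this many power bands
ALERT_Z = 10.0      # deviation (in baseline standard deviations) that raises an alert

def band_power(trace, n_bands=N_BANDS):
    """Pool the one-sided power spectrum of a trace into n_bands coarse bands."""
    n = len(trace)
    spectrum = [abs(sum(x * cmath.exp(-2j * math.pi * k * t / n)
                        for t, x in enumerate(trace))) ** 2 for k in range(n // 2)]
    width = len(spectrum) // n_bands
    return [sum(spectrum[b * width:(b + 1) * width]) for b in range(n_bands)]

def fit_baseline(windows):
    """Per-band mean and standard deviation over windows of known-benign activity."""
    feats = [band_power(w) for w in windows]
    means = [sum(col) / len(col) for col in zip(*feats)]
    stds = [max(math.sqrt(sum((v - m) ** 2 for v in col) / len(col)), 1e-9)
            for col, m in zip(zip(*feats), means)]
    return means, stds

def anomaly_score(window, baseline):
    """Largest absolute z-score of any band relative to the benign baseline."""
    means, stds = baseline
    return max(abs(p - m) / s for p, m, s in zip(band_power(window), means, stds))

def synth_trace(rng, tones, noise=0.05, n=N_SAMPLES):
    """Constructed stand-in for an EM capture: a few tones plus Gaussian noise."""
    return [sum(a * math.cos(2 * math.pi * k * t / n) for k, a in tones)
            + rng.gauss(0.0, noise) for t in range(n)]

BENIGN = [(5, 1.0), (13, 0.5)]      # tones of "normal activity" (constructed)
ANOMALY = BENIGN + [(22, 0.6)]      # extra component the baseline never saw

def run_demo(seed=7):
    """Fit on 20 benign windows, then score 5 benign and 5 anomalous windows."""
    rng = random.Random(seed)
    baseline = fit_baseline([synth_trace(rng, BENIGN) for _ in range(20)])
    benign = [anomaly_score(synth_trace(rng, BENIGN), baseline) for _ in range(5)]
    anomalous = [anomaly_score(synth_trace(rng, ANOMALY), baseline) for _ in range(5)]
    return benign, anomalous

if __name__ == "__main__":
    for label, scores in zip(("benign", "anomalous"), run_demo()):
        for s in scores:
            print(f"{label:9s} z={s:8.1f} {'ALERT' if s > ALERT_Z else 'ok'}")
```

Because the extra tone lands in a band the baseline only ever saw as noise, its z-score is several orders of magnitude above the benign windows, which is the separation the monitor relies on; a real deployment would replace the synthetic tones with captured traces and the z-score with a trained classifier.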
In their experimental setup, the researchers used a Raspberry Pi 2B as the target device, with a 900 MHz quad-core ARM Cortex-A7 processor and 1 GB of memory. The electromagnetic signals were acquired and amplified using a combination of an oscilloscope and a PA 303 BNC preamplifier, enabling them to predict the three malware types and their associated families with accuracies of 99.82% and 99.61%, respectively.
According to researchers, “[B]y using simple neural network models, it is possible to gain considerable information about the state of a monitored device, by observing solely its [electromagnetic] emanations. Our system is robust against various code transformations/obfuscation, including random junk insertion, packing, and virtualization, even when the transformation is previously not known to the system.”