Posted on January 3, 2022 at 5:21 PM
Cybersecurity researchers have suggested that electromagnetic field emanations from Internet of Things (IoT) devices could help to gain insight into the different types of malware that target these systems. The research was presented by academics from the Research Institute of Computer Science at the Annual Computer Security Applications Conference last month.
The lack of security in IoT devices has encouraged more threat actors to launch different attacks on these devices. Some IoT appliances can run fully functional operating systems and are equipped with higher processing power. But some researchers believe that organizations can improve malware analysis using electromagnetic field emanations, which will go a long way toward reducing potential security risks.
Direct Application Of Malware Evasion Techniques Is Not Feasible
The researchers noted that it's practically impossible for malware to detect emanations that are measured from the device. As a result, direct application of malware evasion techniques may not be feasible, unlike for dynamic software monitoring. Additionally, a security system that relies on hardware features cannot be taken down by the malware, since malware has no control over events at the hardware level.
The aim is to use side-channel information to detect anomalies in emanations when they start deviating from patterns observed in the past. Once a deviation is detected, a notification is sent immediately, especially when suspicious behavior is discovered in the system.
Apart from requiring no update on the target device, the detection method used in the research enables the quick identification and classification of sneaky malware such as DDoS botnets, ransomware, and kernel-level rootkits.
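The deviation-from-baseline idea described above can be sketched as follows. This is an added example, not the researchers' code: they trained a convolutional neural network, whereas this sketch swaps in a simple per-band z-score check, and the traces, function names and threshold are assumptions constructed for illustration.

```python
import math
import random
import statistics

def band_energies(trace, bands=8):
    """Energy per frequency band via a plain DFT (adequate for short traces)."""
    n = len(trace)
    half = n // 2
    power = []
    for k in range(1, half + 1):
        re = sum(x * math.cos(2 * math.pi * k * i / n) for i, x in enumerate(trace))
        im = sum(x * math.sin(2 * math.pi * k * i / n) for i, x in enumerate(trace))
        power.append((re * re + im * im) / n)
    width = half // bands
    return [sum(power[b * width:(b + 1) * width]) for b in range(bands)]

def fit_baseline(benign_traces):
    """Per-band mean and standard deviation over known-good captures."""
    feats = [band_energies(t) for t in benign_traces]
    return [(statistics.mean(c), statistics.stdev(c)) for c in zip(*feats)]

def deviation(baseline, trace):
    """Largest per-band z-score of a new capture against the baseline."""
    return max(abs(e - m) / (s or 1e-9)
               for e, (m, s) in zip(band_energies(trace), baseline))

def is_anomalous(baseline, trace, threshold=8.0):
    """Flag a capture whose spectrum departs from past patterns (assumed threshold)."""
    return deviation(baseline, trace) > threshold

# Constructed sample data: synthetic "emanation" traces, not real measurements.
def synth(rng, n=128, extra_bin=None):
    # Normal workload: one dominant tone at frequency bin 5 plus Gaussian noise.
    t = [math.sin(2 * math.pi * 5 * i / n) + rng.gauss(0, 0.1) for i in range(n)]
    if extra_bin is not None:  # a new periodic activity appears on the device
        t = [x + 0.8 * math.sin(2 * math.pi * extra_bin * i / n)
             for i, x in enumerate(t)]
    return t

RNG = random.Random(1)
BASELINE = fit_baseline([synth(RNG) for _ in range(30)])

if __name__ == "__main__":
    print("benign :", round(deviation(BASELINE, synth(RNG)), 1))
    print("changed:", round(deviation(BASELINE, synth(RNG, extra_bin=40)), 1))
```

Because the check runs on an external measurement, nothing has to be installed or updated on the monitored device.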
The Practical Approach Will Take Place Over Three Phases
The new side-channel method will take place over three phases. It will involve performing benign camera, video, picture, and music activities to set up a convolutional neural network. It will also involve measuring electromagnetic emanations when executing 30 different malware binaries. The framework takes an executable as input and relies on the side-channel information to output its malware label.
While carrying out the pilot phase, the researchers decided to use Raspberry Pi 2B as a target device with 1GB memory and a 900 MHz quad-core processor.
Based on the report, the electromagnetic signal can be captured and amplified using a combination of a PA 303 BNC preamplifier and an oscilloscope. The plan is to effectively predict the three malware types and their families with an accuracy of up to 99.61%.
The researchers noted that by observing the network's electromagnetic emanations, it's possible to gain enough information about the security status of a monitored device. They added that the system has very strong protection against all types of code transformation/obfuscation, including virtualization, packing, and random junk insertion. The protective mechanism is also very strong even if the transformation is previously unknown to the system.
Modern microprocessors utilize different optimization methods such as pipelining and caching. However, while these methods can improve performance, they can also increase the complexity of the microprocessor. This can pave the way for unauthorized operations that can break the security policies of the hardware.
Good examples of such types of attacks that take advantage of this problem include Meltdown and Spectre. They can be deployed to gain access to unavailable information and memory by exploiting cache timing side-channel leakages, according to the researchers.
Researchers Find More Means To Protect IoT Devices
Security firms have stressed the importance of using more stringent control measures to protect IoT devices. A lot of strategies have been introduced over the years, but threat actors are still finding ways to circumvent security checks and launch an attack.
Devices ultimately have bugs within their memory systems, firmware, network services, and physical and web interfaces. This allows threat actors to easily exploit the affected device's components, along with insecure default settings and update mechanisms. As a result, security researchers have stressed the need for users to manage vulnerabilities in their network's devices through continuous monitoring.
The attacks can come from channels that are connected to IoT devices, as has been observed by the researchers. This leads to heavy threats to the security of the system, creating the possibility of denial-of-service (DoS) and spoofing attacks.
With the new strategy of detecting evasive malware on IoT devices, the idea is to significantly reduce the ability of malware to detect vulnerabilities in the devices. Electromagnetic emanation is a new concept devised by security researchers to prevent the high risk of exposure to IoT devices and other systems.