Electromagnetics identifies malware on IoT devices

Sheila Zabeu

January 12, 2022

A group of researchers is proposing to use electromagnetism to identify malware on IoT devices. The new approach uses the electromagnetic emanations from the equipment as a side channel to recognize different types of malware, even in scenarios where obfuscation techniques are used to make analysis difficult.

The innovation was recently presented by scientists at IRISA, a leading French research laboratory in the field of Information Technology. An important advantage of the new method is that it does not require any modification of the monitored devices or installation of protective software. Furthermore, the approach can hardly be detected by malicious agents.

In the tests, a Raspberry Pi device was used as a target device from which electromagnetic emanations were collected during application execution. When anomalies were detected in the waves, i.e. patterns different from those previously observed when benign applications were executed, a suspicious behavior alert was generated.

The researchers claim that in these experiments, they were able to identify three generic malware types with 99.82% accuracy. Furthermore, the results show that the technique can classify malware samples altered with obfuscation techniques not seen during the training phase and determine what type of obfuscation was applied.

The probe configuration consists of an H-Field probe placed 45 degrees above the system processor.

To combat the growing threats

Threats to the Internet of Things environment have grown significantly in recent years, in proportion to the number of connected IoT devices, which is expected to reach 27 billion by 2025.

Most of these devices currently come with publicly disclosed default passwords and no basic security mechanism, perhaps to reduce costs or because the limited computing capacity of IoT devices prevents the use of more robust protection systems against cyber-attacks.

The varied transmission technologies used by IoT devices also make it difficult to implement security methods and protocols. And as if these obstacles were not enough, vulnerabilities are discovered almost daily in the firmware and systems used by IoT devices, which allow, for example, remote execution of malicious code.

In an attempt to combat this growing wave of threats, the IoT SAFE (IoT SIM Applet For Secure End-2-End Communication) initiative was recently launched to improve the security of IoT devices. The standard, the result of collaboration between device and chipset manufacturers, cloud service providers, and mobile network operators, has been standardized by the GSMA and provides a common mechanism to secure data communication between IoT devices based on a highly trusted SIM card with encryption services installed in applet form, rather than proprietary and potentially less trusted hardware elements.

Source: GSMA

SIM was chosen as the basic component of IoT SAFE because the technology is standardized and already widely used by IoT devices connected to cellular networks. In addition, with the future arrival of 5G in Industrial IoT (IIoT) environments, IoT SAFE will certainly be an easy standard to adopt in this new context.

IoT SAFE is embedded in the SIM of the IoT device as an interoperable JavaCard Applet and performs all security-critical operations. The applet contains valid access credentials that can be in the form of a digital certificate or pre-shared secret key.

According to Internet of Things World and Omdia, 85% of 170 industry leaders believe that security concerns remain a major barrier to the adoption of IoT solutions. Technologies like IRISA’s and standards like IoT SAFE will always be welcome as an attempt to make IoT more secure.