Researchers from North Carolina State University and the University of Texas at Austin have developed a technique for detecting types of malware that use a system’s architecture to thwart traditional security measures. The new detection approach works by tracking power fluctuations in embedded systems.
“Embedded systems are basically any computer that doesn’t have a physical keyboard – from smartphones to Internet of Things devices,” says Aydin Aysu, co-author of a paper on the work and an assistant professor of electrical and computer engineering at NC State. “Embedded systems are used in everything from the voice-activated virtual assistants in our homes to industrial control systems like those used in power plants. And malware that targets those systems can be used to seize control of these systems or to steal information.”
At issue are so-called micro-architectural attacks. This form of malware makes use of a system’s architectural design, effectively hijacking the hardware in a way that gives outside users control of the system and access to its data. Spectre and Meltdown are high-profile examples of micro-architectural malware.
“The nature of micro-architectural attacks makes them very difficult to detect – but we have found a way to detect them,” Aysu says. “We have a good idea of what power consumption looks like when embedded systems are operating normally. By looking for anomalies in power consumption, we can tell that there is malware in a system – even if we can’t identify the malware directly.”
The power-monitoring solution can be incorporated into smart batteries for use with new embedded systems technologies. New “plug and play” hardware would be needed to apply the detection tool with existing embedded systems.
There is one other limitation: the new detection technique relies on an embedded system’s power reporting. In lab testing, researchers found that – in some instances – the power monitoring detection tool could be fooled if the malware modifies its activity to mimic “normal” power usage patterns.
“However, even in these instances our technique provides an advantage,” Aysu says. “We found that the effort required to mimic normal power consumption and evade detection forced malware to slow down its data transfer rate by between 86 and 97 percent. In short, our approach can still reduce the effects of malware, even in those few instances where the malware is not detected.
“This paper demonstrates a proof of concept. We think it offers an exciting new approach for addressing a widespread security challenge.”
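The baseline-and-anomaly idea described above can be sketched with a simple statistical detector. This is an added illustration, not the researchers' method or code: the power trace, the 60 mW extra load, the 50-sample window and the 3-sigma threshold are all constructed assumptions. It also shows the trade-off the article mentions, where an extra workload only falls back inside the normal band once it runs a small fraction of the time.

```python
import math
from statistics import mean, pstdev

WINDOW = 50  # samples per analysis window (assumed)

def trace(n_windows, extra_mw=0.0, duty=0.0, start=0):
    """Constructed power trace in mW: a slowly varying benign load plus an
    optional extra load that is active for `duty` of every window."""
    busy = round(duty * WINDOW)
    out = []
    for w in range(start, start + n_windows):
        level = 100 + 8 * math.sin(1.7 * w)      # benign workload drift
        for i in range(WINDOW):
            ripple = (i * 7) % 5 - 2             # zero-mean sample ripple
            out.append(level + ripple + (extra_mw if i < busy else 0.0))
    return out

def window_means(samples):
    """Average power of each full, non-overlapping window."""
    return [mean(samples[i:i + WINDOW])
            for i in range(0, len(samples) - WINDOW + 1, WINDOW)]

def fit_baseline(samples):
    """Learn what 'normal' looks like: mean and spread of window averages."""
    m = window_means(samples)
    return mean(m), pstdev(m)

def flagged_fraction(samples, baseline, k=3.0):
    """Fraction of windows whose average power is more than k sigma off baseline."""
    mu, sigma = baseline
    m = window_means(samples)
    return sum(abs(x - mu) > k * sigma for x in m) / len(m)

BASELINE = fit_baseline(trace(200))  # training data: benign operation only

def sweep(duties=(1.0, 0.5, 0.2, 0.1), extra_mw=60.0):
    """Detection rate as the extra workload is throttled to lower duty cycles."""
    return {d: flagged_fraction(trace(40, extra_mw, d, start=200), BASELINE)
            for d in duties}

if __name__ == "__main__":
    print("benign:", flagged_fraction(trace(40, start=200), BASELINE))
    for duty, frac in sweep().items():
        print(f"duty {duty:.0%}: {frac:.0%} of windows flagged")
```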
Learn more: New Technique Uses Power Anomalies to ID Malware in Embedded Systems