Series 9 – Episode 4 – Leveraging electromagnetic emanations for IoT malware classification

Research about IoT malware and tools developed for automated IoT malware classification are limited. IoT and embedded technologies use numerous customised firmware and hardware, without taking into consideration security issues, which make them an attractive attack surface for cybercriminals, especially malware authors.

Marion and his fellow team members present a novel, robust and promising approach of leveraging electromagnetic emanations to identify the kinds of malware that are targeting devices such as the Raspberry Pi.

Using their new approach, malware analysts can obtain accurate information about the type and identity of IoT malware, even with obfuscation techniques that can prevent static and symbolic binary analysis.

The team recorded traces of more than 100K measurements from IoT devices infected with various malware samples and realistic benign activity. Their method allows deployment independent of available resources with no overhead. Moreover, their approach has the advantage that malware authors are less likely to detect and bypass.

In experiments, the team was able to predict three common types of malware vs. benign activities with 99.82% accuracy.

For Marion, this project allowed him to explore a new world. The IoT world is growing and IoT devices are increasingly being targeted by cyber criminals. “Usually, it’s a choice because you will not spend too much money in the security of a device that has a really low cost,” said Marion. This is why malware will usually target an IoT device.

Marion goes on to explain what experiments/analysis he performed, the conclusions he drew from the analysis and the particular parts of this project that he personally found interesting.

To hear more about malware, the IoT and much more, you can listen to Electronic Specifier’s interview with Damien Marion on Spotify or Apple Podcasts.