A Raspberry Pi can identify malware using electromagnetic waves, without any additional software. A team of researchers from the Research Institute of Computer Science and Random Systems (IRISA) in France has published a new article detailing how they achieved this.
Unlike software-based malware detection systems, IRISA’s new system uses an oscilloscope (Picoscope 6407) and an H-Field probe, in addition to a Raspberry Pi 2B, to scan devices for specific electromagnetic (EM) waves.
How Malware Detection Works
The main objective is to detect malware in devices connected through the Internet of Things. These devices use custom firmware and hardware which, according to the researchers behind this investigation, can introduce new security problems and make them a target for cybercriminals. The Raspberry Pi targets the electromagnetic field surrounding a potentially infected device.
IRISA’s malware detection system relies on an external oscilloscope and an H-Field probe to scan devices. When scanning, it looks for specific waves that indicate the presence of malware on an affected device.
In addition, the research team was also able to “obtain precise knowledge about the type of malware and its identity” from these scans. According to the researchers, “a malware analyst is able to obtain precise knowledge about the type of malware and its identity” even when the malware uses techniques to prevent static or symbolic binary analysis.
For this research, 100,000 measurement traces were recorded from an IoT device infected by various in-the-wild malware samples. This method does not require modifying the equipment being analyzed. In other words, you don’t have to install any extra software on your computers. “So it can be deployed regardless of available resources without any overhead.” In these experiments, the experts were able to predict three generic types of malware (and a benign class), and the method is intended to be useful to malware analysts.